Windows Analysis Report
discord.exe

Overview

General Information

Sample name: discord.exe
Analysis ID: 1573184
MD5: 92381e1c521ac985474c86f52e81d648
SHA1: 889d8f03e2e854dd7164e4c35e444bc01a817361
SHA256: fc488eb00b7ffa0e01c915d9700229a78b1311918ec8e1961764ef0b3624e061
Tags: exeuser-sa6ta6ni6c
Infos:

Detection

Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Yara detected AntiVM5
Binary contains a suspicious time stamp
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
May check the online IP address of the machine
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • discord.exe (PID: 2664 cmdline: "C:\Users\user\Desktop\discord.exe" MD5: 92381E1C521AC985474C86F52E81D648)
    • discord.exe (PID: 6368 cmdline: "C:\Users\user\Desktop\discord.exe" MD5: 92381E1C521AC985474C86F52E81D648)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000002.00000002.1420000448.00000200A1100000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_AntiVM_5 | Yara detected AntiVM_5 | Joe Security |
Process Memory Space: discord.exe PID: 6368 | JoeSecurity_AntiVM_5 | Yara detected AntiVM_5 | Joe Security |
No Sigma rule has matched
No Suricata rule has matched

      AV Detection

      Source: discord.exe Avira: detected
      Source: C:\Users\user\Desktop\discord.exe Code function: 2_2_00007FFB0BE44B98 i2d_X509,PyBytes_FromStringAndSize,CRYPTO_free,2_2_00007FFB0BE44B98
      Source: C:\Users\user\Desktop\discord.exe Code function: 2_2_00007FFB0BE44E1C ASN1_STRING_type,ASN1_STRING_length,ASN1_STRING_get0_data,_Py_BuildValue_SizeT,ASN1_STRING_to_UTF8,_Py_Dealloc,_Py_BuildValue_SizeT,CRYPTO_free,2_2_00007FFB0BE44E1C
      Source: C:\Users\user\Desktop\discord.exe Code function: 2_2_00007FFB1BB11890 _Py_NoneStruct,_PyArg_UnpackKeywords,PyObject_GetBuffer,PyBuffer_IsContiguous,PyObject_GetBuffer,PyBuffer_IsContiguous,PyLong_AsUnsignedLong,PyLong_AsUnsignedLong,PyLong_AsUnsignedLong,EVP_PBE_scrypt,PyBytes_FromStringAndSize,PyEval_SaveThread,EVP_PBE_scrypt,PyEval_RestoreThread,PyExc_ValueError,PyErr_SetString,PyBuffer_Release,PyBuffer_Release,PyLong_AsLong,PyErr_Occurred,PyLong_AsLong,PyErr_Occurred,PyExc_ValueError,PyExc_ValueError,PyErr_Format,_PyArg_BadArgument,_PyArg_BadArgument,_PyArg_BadArgument,PyExc_TypeError,PyErr_Occurred,PyExc_TypeError,PyErr_Occurred,PyExc_TypeError,PyErr_Occurred,PyExc_TypeError,_PyArg_BadArgument,_PyArg_BadArgument,PyExc_OverflowError,PyExc_OverflowError,_Py_Dealloc,PyExc_ValueError,2_2_00007FFB1BB11890
      Source: C:\Users\user\Desktop\discord.exe Code function: 2_2_00007FFB1BB16108 CRYPTO_memcmp,2_2_00007FFB1BB16108
      Source: discord.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
      Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-311\Release\pywintypes.pdb** source: discord.exe, 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
      Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-311\Release\win32api.pdb source: discord.exe, 00000002.00000002.1424704978.00007FFB0BE83000.00000002.00000001.01000000.0000000E.sdmp, win32api.pyd.0.dr
      Source: Binary string: D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\\mfc140u.amd64.pdb source: mfc140u.dll.0.dr
      Source: Binary string: D:\_w\1\b\bin\amd64\select.pdb source: discord.exe, 00000000.00000003.1383187750.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000002.1430423395.00007FFB1D893000.00000002.00000001.01000000.00000011.sdmp, select.pyd.0.dr
      Source: Binary string: D:\_w\1\b\bin\amd64\_uuid.pdb source: discord.exe, 00000000.00000003.1367476435.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000002.1429947748.00007FFB1D342000.00000002.00000001.01000000.0000001B.sdmp, _uuid.pyd.0.dr
      Source: Binary string: D:\_w\1\b\libssl-1_1.pdb source: discord.exe, 00000002.00000002.1424344939.00007FFB0BE06000.00000002.00000001.01000000.00000014.sdmp
      Source: Binary string: D:\_w\1\b\bin\amd64\_bz2.pdb source: discord.exe, 00000000.00000003.1364997506.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000002.1429789319.00007FFB1C55D000.00000002.00000001.01000000.00000009.sdmp
      Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: discord.exe, 00000002.00000002.1424008287.00007FFB0BC8E000.00000002.00000001.01000000.00000015.sdmp
      Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-311\Release\pythoncom.pdb source: discord.exe, 00000002.00000002.1424908800.00007FFB0BEFC000.00000002.00000001.01000000.0000000D.sdmp
      Source: Binary string: D:\_w\1\b\bin\amd64\_queue.pdb source: discord.exe, 00000000.00000003.1366505336.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000002.1430172509.00007FFB1D5B3000.00000002.00000001.01000000.00000017.sdmp
      Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: discord.exe, 00000000.00000003.1364648908.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000002.1431775976.00007FFB1E681000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
      Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-311\Release\win32api.pdb!! source: discord.exe, 00000002.00000002.1424704978.00007FFB0BE83000.00000002.00000001.01000000.0000000E.sdmp, win32api.pyd.0.dr
      Source: Binary string: D:\_w\1\b\bin\amd64\_ssl.pdb source: discord.exe, 00000002.00000002.1424482051.00007FFB0BE4D000.00000002.00000001.01000000.00000013.sdmp, _ssl.pyd.0.dr
      Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: discord.exe, 00000000.00000003.1364648908.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000002.1431775976.00007FFB1E681000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
      Source: Binary string: D:\_w\1\b\bin\amd64\_hashlib.pdb source: discord.exe, 00000000.00000003.1366045327.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000002.1428424791.00007FFB1BB17000.00000002.00000001.01000000.00000016.sdmp, _hashlib.pyd.0.dr
      Source: Binary string: D:\_w\1\b\bin\amd64\_lzma.pdb source: discord.exe, 00000000.00000003.1366197110.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000002.1429621561.00007FFB1C53C000.00000002.00000001.01000000.0000000A.sdmp
      Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: discord.exe, 00000000.00000003.1364853828.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000002.1430869630.00007FFB1E0E5000.00000002.00000001.01000000.0000000C.sdmp
      Source: Binary string: D:\_w\1\b\bin\amd64\_decimal.pdb$$ source: _decimal.pyd.0.dr
      Source: Binary string: D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\\mfc140u.amd64.pdbGCTL source: mfc140u.dll.0.dr
      Source: Binary string: D:\_w\1\b\bin\amd64\_lzma.pdbNN source: discord.exe, 00000000.00000003.1366197110.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000002.1429621561.00007FFB1C53C000.00000002.00000001.01000000.0000000A.sdmp
      Source: Binary string: D:\_w\1\b\bin\amd64\_ctypes.pdb source: discord.exe, 00000002.00000002.1431423223.00007FFB1E100000.00000002.00000001.01000000.00000007.sdmp, _ctypes.pyd.0.dr
      Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-311\Release\win32ui.pdb source: win32ui.pyd.0.dr
      Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-311\Release\_win32sysloader.pdb source: discord.exe, 00000000.00000003.1384079521.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-311\Release\win32trace.pdb source: discord.exe, 00000000.00000003.1384378046.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, win32trace.pyd.0.dr
      Source: Binary string: D:\_w\1\b\libssl-1_1.pdb@@ source: discord.exe, 00000002.00000002.1424344939.00007FFB0BE06000.00000002.00000001.01000000.00000014.sdmp
      Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-311\Release\win32ui.pdbOO source: win32ui.pyd.0.dr
      Source: Binary string: .Pdb'L source: discord.exe
      Source: Binary string: D:\_w\1\b\bin\amd64\python3.pdb source: discord.exe, 00000000.00000003.1373851881.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000002.1419288642.000002009EF90000.00000002.00000001.01000000.00000006.sdmp
      Source: Binary string: D:\_w\1\b\bin\amd64\_socket.pdb source: discord.exe, 00000000.00000003.1366833336.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000002.1429124900.00007FFB1C2E8000.00000002.00000001.01000000.00000010.sdmp, _socket.pyd.0.dr
      Source: Binary string: D:\_w\1\b\bin\amd64\_decimal.pdb source: _decimal.pyd.0.dr
      Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-311\Release\pywintypes.pdb source: discord.exe, 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
      Source: Binary string: D:\_w\1\b\bin\amd64\unicodedata.pdb source: discord.exe, 00000000.00000003.1383708141.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000002.1423192127.00007FFB0BA00000.00000002.00000001.01000000.0000001A.sdmp
      Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-311\Release\pythoncom.pdb}},GCTL source: discord.exe, 00000002.00000002.1424908800.00007FFB0BEFC000.00000002.00000001.01000000.0000000D.sdmp
      Source: Binary string: D:\_w\1\b\bin\amd64\python311.pdb source: discord.exe, 00000002.00000002.1425360473.00007FFB0C2D3000.00000002.00000001.01000000.00000004.sdmp, python311.dll.0.dr
      Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1q 5 Jul 2022built on: Thu Aug 18 20:15:42 2022 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: discord.exe, 00000002.00000002.1424008287.00007FFB0BC8E000.00000002.00000001.01000000.00000015.sdmp
      Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: discord.exe, 00000000.00000003.1364853828.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000002.1430869630.00007FFB1E0E5000.00000002.00000001.01000000.0000000C.sdmp
      Source: Binary string: D:\_w\1\b\libcrypto-1_1.pdb source: discord.exe, 00000002.00000002.1424008287.00007FFB0BD10000.00000002.00000001.01000000.00000015.sdmp
      Source: C:\Users\user\Desktop\discord.exe Code function: 0_2_00007FF60A4E93B0 FindFirstFileExW,FindClose,0_2_00007FF60A4E93B0
      Source: C:\Users\user\Desktop\discord.exe Code function: 2_2_00007FF60A4E93B0 FindFirstFileExW,FindClose,2_2_00007FF60A4E93B0
      Source: Joe Sandbox View IP Address: 172.67.74.152 172.67.74.152
      Source: unknown DNS query: name: api.ipify.org
      Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: C:\Users\user\Desktop\discord.exe Code function: 2_2_00007FFB1C2E5B24 memset,recvfrom,2_2_00007FFB1C2E5B24
      Source: global traffic DNS traffic detected: DNS query: time.windows.com
      Source: global traffic DNS traffic detected: DNS query: api.ipify.org
      Source: discord.exe, 00000002.00000002.1422064794.00000200A1B18000.00000004.00001000.00020000.00000000.sdmp, discord.exe, 00000002.00000003.1400911569.00000200A151E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://.../back.jpeg
      Source: discord.exe, 00000002.00000002.1420000448.00000200A1100000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://9x9o.com/ss122007.txt
      Source: discord.exe, 00000000.00000003.1366197110.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1366505336.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1365762217.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1370673646.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1366833336.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1364997506.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1366045327.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1383708141.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1367476435.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1369670593.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1367118033.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1370966073.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1365241875.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1374746273.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1383187750.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1373851881.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, python311.dll.0.dr, select.pyd.0.dr, _uuid.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
      Source: discord.exe, 00000000.00000003.1366505336.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1365762217.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1370673646.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1366833336.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1364997506.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1366045327.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1383708141.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1367476435.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1369670593.000001B1574D9000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1367118033.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1370966073.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1365241875.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1374746273.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1383187750.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1373851881.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, python311.dll.0.dr, select.pyd.0.dr, _uuid.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.dr, _socket.pyd.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
      Source: discord.exe, 00000000.00000003.1366197110.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1366505336.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1365762217.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1370673646.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1366833336.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1364997506.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1366045327.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1383708141.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1367476435.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1369670593.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1367118033.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1370966073.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1365241875.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1374746273.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1383187750.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1373851881.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, python311.dll.0.dr, select.pyd.0.dr, _uuid.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
      Source: discord.exe, 00000000.00000003.1366197110.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1366505336.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1365762217.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1370673646.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1366833336.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1364997506.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1366045327.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1383708141.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1367476435.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1369670593.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1369670593.000001B1574D9000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1367118033.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1370966073.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1365241875.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1374746273.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1383187750.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1373851881.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, python311.dll.0.dr, select.pyd.0.dr, _uuid.pyd.0.dr, _decimal.pyd.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
      Source: discord.exe, 00000000.00000003.1366197110.000001B1574D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedZ
      Source: discord.exe, 00000002.00000003.1400911569.00000200A14C8000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000003.1398582500.00000200A14C8000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000003.1396717966.00000200A14C8000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000002.1420318408.00000200A14B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://code.activestate.com/recipes/577452-a-memoize-decorator-for-instance-methods/
      Source: discord.exe, 00000002.00000003.1400178351.00000200A1667000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000002.1420318408.00000200A1643000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.certigna.fr/certignarootca.crl01
      Source: discord.exe, 00000002.00000003.1400178351.00000200A1620000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000002.1419135629.000002009EE40000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000002.1420318408.00000200A1620000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
      Source: discord.exe, 00000002.00000003.1400178351.00000200A1620000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000002.1420318408.00000200A1620000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl
      Source: discord.exe, 00000002.00000002.1420318408.00000200A1643000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl
      Source: discord.exe, 00000002.00000003.1400178351.00000200A1667000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000002.1420318408.00000200A1643000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl0
      Source: discord.exe, 00000002.00000003.1400178351.00000200A1667000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000002.1420318408.00000200A1643000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl=
      Source: discord.exe, 00000002.00000002.1419135629.000002009EE40000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/SGCA.crl
      Source: discord.exe, 00000002.00000003.1400178351.00000200A1620000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000002.1420318408.00000200A1620000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/SGCA.crl0
      Source: discord.exe, 00000002.00000002.1419135629.000002009EE40000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/SGCA.crlamicClas
      Source: discord.exe, 00000002.00000002.1419135629.000002009EE40000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/STCA.crl
      Source: discord.exe, 00000002.00000003.1400178351.00000200A1620000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000002.1420318408.00000200A1620000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/STCA.crl0
      Source: discord.exe, 00000002.00000002.1419135629.000002009EE40000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/STCA.crlts
      Source: discord.exe, 00000002.00000002.1419135629.000002009EE40000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl
      Source: discord.exe, 00000002.00000003.1400178351.00000200A1620000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000003.1400911569.00000200A1489000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000002.1420318408.00000200A1620000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
      Source: discord.exe, 00000000.00000003.1366197110.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1366505336.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1365762217.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1370673646.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1366833336.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1364997506.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1366045327.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1383708141.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1367476435.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1369670593.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1367118033.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1370966073.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1365241875.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1374746273.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1383187750.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1373851881.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, python311.dll.0.dr, select.pyd.0.dr, _uuid.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
      Source: discord.exe, 00000000.00000003.1366197110.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1366505336.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1365762217.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1370673646.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1366833336.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1364997506.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1366045327.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1383708141.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1367476435.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1369670593.000001B1574D9000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1367118033.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1370966073.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1365241875.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1374746273.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1383187750.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000000.00000003.1373851881.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, python311.dll.0.dr, select.pyd.0.dr, _uuid.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
      Source: discord.exe, 00000002.00000002.1422286505.00000200A1BA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://requests.readthedocs.io0
      Source: discord.exe, 00000002.00000002.1420127496.00000200A1200000.00000004.00001000.00020000.00000000.sdmp, discord.exe, 00000002.00000003.1393385475.00000200A0F0A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/questions/4457745#4457745.
      Source: discord.exe, 00000002.00000002.1419619543.00000200A0D0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc2388#section-4.4
      Source: discord.exe, 00000002.00000003.1400911569.00000200A151E000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000003.1398582500.00000200A1501000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000002.1420318408.00000200A1517000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000003.1400911569.00000200A1501000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000002.1420318408.00000200A14DA000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000003.1398582500.00000200A1520000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000002.1419619543.00000200A0D0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/
      Source: discord.exe, 00000002.00000002.1421882209.00000200A1870000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxy
      Source: discord.exe, 00000002.00000002.1421882209.00000200A1870000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings
      Source: discord.exe, 00000000.00000003.1370966073.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000002.1424388268.00007FFB0BE3B000.00000002.00000001.01000000.00000014.sdmp, discord.exe, 00000002.00000002.1424200474.00007FFB0BD86000.00000002.00000001.01000000.00000015.sdmpString found in binary or memory: https://www.openssl.org/H
      Source: discord.exe, 00000002.00000003.1393385475.00000200A0F7C000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000003.1395183757.00000200A0F7C000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000002.1419810127.00000200A0F00000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000003.1394113181.00000200A0F7C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org
      Source: discord.exe, 00000002.00000003.1401539847.00000200A155B000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000003.1398023667.00000200A1561000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000002.1420318408.00000200A155B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/
      Source: discord.exe, 00000002.00000002.1419437789.00000200A08C0000.00000004.00001000.00020000.00000000.sdmp, base_library.zip.0.drString found in binary or memory: https://www.python.org/download/releases/2.3/mro/.
      Source: discord.exe, 00000002.00000002.1425638488.00007FFB0C368000.00000004.00000001.01000000.00000004.sdmp, python311.dll.0.drString found in binary or memory: https://www.python.org/psf/license/
      Source: discord.exe, 00000002.00000002.1419810127.00000200A0FD9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.rfc-editor.org/rfc/rfc8259#section-8.1
      Source: discord.exe, 00000002.00000003.1400178351.00000200A1667000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000002.1420318408.00000200A1643000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/
      Source: discord.exe, 00000002.00000003.1400178351.00000200A1667000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000002.1420318408.00000200A1643000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/0m
      Source: discord.exe, 00000002.00000003.1398582500.00000200A1460000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000003.1398582500.00000200A1501000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000002.1419810127.00000200A10C7000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000003.1402683175.00000200A10C7000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000002.1420318408.00000200A13D5000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000003.1398257642.00000200A10C3000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000003.1402532700.00000200A1456000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yahoo.com/
      Source: unknown Network traffic detected: HTTP traffic on port 49719 -> 443
      Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49719
      Source: C:\Users\user\Desktop\discord.exe Code function: String function: 00007FF60A4E2FE0 appears 32 times
      Source: C:\Users\user\Desktop\discord.exe Code function: String function: 00007FF60A4E2F40 appears 178 times
      Source: C:\Users\user\Desktop\discord.exe Code function: String function: 00007FFB1C4FC0A0 appears 47 times
      Source: C:\Users\user\Desktop\discord.exe Code function: String function: 00007FF60A4E2E60 appears 98 times
      Source: unicodedata.pyd.0.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
      Source: pyarmor_runtime.pyd.0.dr Static PE information: Number of sections : 11 > 10
      Source: discord.exe Static PE information: Number of sections : 12 > 10
      Source: python3.dll.0.dr Static PE information: No import functions for PE file found
      Source: discord.exe, 00000000.00000003.1364648908.000001B1574D1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs discord.exe
      Source: discord.exe, 00000000.00000003.1366197110.000001B1574D1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_lzma.pyd. vs discord.exe
      Source: discord.exe, 00000000.00000003.1364254607.000001B1574D1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamewin32ui.pyd0 vs discord.exe
      Source: discord.exe, 00000000.00000003.1366505336.000001B1574D1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_queue.pyd. vs discord.exe
      Source: discord.exe, 00000000.00000003.1384378046.000001B1574D1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamewin32trace.pyd0 vs discord.exe
      Source: discord.exe, 00000000.00000003.1384079521.000001B1574DC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_win32sysloader.pyd0 vs discord.exe
      Source: discord.exe, 00000000.00000003.1365762217.000001B1574D1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_decimal.pyd. vs discord.exe
      Source: discord.exe, 00000000.00000003.1384079521.000001B1574D1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_win32sysloader.pyd0 vs discord.exe
      Source: discord.exe, 00000000.00000003.1379846976.000001B1574D1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepythoncom311.dll0 vs discord.exe
      Source: discord.exe, 00000000.00000003.1366833336.000001B1574D1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_socket.pyd. vs discord.exe
      Source: discord.exe, 00000000.00000003.1364997506.000001B1574D1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_bz2.pyd. vs discord.exe
      Source: discord.exe, 00000000.00000003.1382416243.000001B1574D1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepywintypes311.dll0 vs discord.exe
      Source: discord.exe, 00000000.00000003.1366045327.000001B1574D1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_hashlib.pyd. vs discord.exe
      Source: discord.exe, 00000000.00000003.1383708141.000001B1574D1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameunicodedata.pyd. vs discord.exe
      Source: discord.exe, 00000000.00000003.1367476435.000001B1574D1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_uuid.pyd. vs discord.exe
      Source: discord.exe, 00000000.00000003.1384111557.000001B1574DC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_win32sysloader.pyd0 vs discord.exe
      Source: discord.exe, 00000000.00000003.1364853828.000001B1574D1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140_1.dllT vs discord.exe
      Source: discord.exe, 00000000.00000003.1367118033.000001B1574D1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_ssl.pyd. vs discord.exe
      Source: discord.exe, 00000000.00000003.1370966073.000001B1574D1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelibsslH vs discord.exe
      Source: discord.exe, 00000000.00000003.1365241875.000001B1574D1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_ctypes.pyd. vs discord.exe
      Source: discord.exe, 00000000.00000003.1384216302.000001B1574D1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamewin32api.pyd0 vs discord.exe
      Source: discord.exe, 00000000.00000003.1383187750.000001B1574D1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameselect.pyd. vs discord.exe
      Source: discord.exe, 00000000.00000003.1373851881.000001B1574D1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepython3.dll. vs discord.exe
      Source: discord.exeBinary or memory string: OriginalFilename vs discord.exe
      Source: discord.exe, 00000002.00000002.1423397883.00007FFB0BA05000.00000002.00000001.01000000.0000001A.sdmpBinary or memory string: OriginalFilenameunicodedata.pyd. vs discord.exe
      Source: discord.exe, 00000002.00000002.1419288642.000002009EF90000.00000002.00000001.01000000.00000006.sdmpBinary or memory string: OriginalFilenamepython3.dll. vs discord.exe
      Source: discord.exe, 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmpBinary or memory string: OriginalFilenamepywintypes311.dll0 vs discord.exe
      Source: discord.exe, 00000002.00000002.1430006201.00007FFB1D344000.00000002.00000001.01000000.0000001B.sdmpBinary or memory string: OriginalFilename_uuid.pyd. vs discord.exe
      Source: discord.exe, 00000002.00000002.1431896002.00007FFB1E687000.00000002.00000001.01000000.00000005.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs discord.exe
      Source: discord.exe, 00000002.00000002.1428581969.00007FFB1BB1E000.00000002.00000001.01000000.00000016.sdmpBinary or memory string: OriginalFilename_hashlib.pyd. vs discord.exe
      Source: discord.exe, 00000002.00000002.1431046518.00007FFB1E0E9000.00000002.00000001.01000000.0000000C.sdmpBinary or memory string: OriginalFilenamevcruntime140_1.dllT vs discord.exe
      Source: discord.exe, 00000002.00000002.1424594066.00007FFB0BE65000.00000002.00000001.01000000.00000013.sdmpBinary or memory string: OriginalFilename_ssl.pyd. vs discord.exe
      Source: discord.exe, 00000002.00000002.1425079517.00007FFB0BF44000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: OriginalFilenamepythoncom311.dll0 vs discord.exe
      Source: discord.exe, 00000002.00000002.1429680658.00007FFB1C545000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: OriginalFilename_lzma.pyd. vs discord.exe
      Source: discord.exe, 00000002.00000002.1428228727.00007FFB0C507000.00000002.00000001.01000000.00000004.sdmpBinary or memory string: OriginalFilenamepython311.dll. vs discord.exe
      Source: discord.exe, 00000002.00000002.1431628414.00007FFB1E10D000.00000002.00000001.01000000.00000007.sdmpBinary or memory string: OriginalFilename_ctypes.pyd. vs discord.exe
      Source: discord.exe, 00000002.00000002.1424388268.00007FFB0BE3B000.00000002.00000001.01000000.00000014.sdmpBinary or memory string: OriginalFilenamelibsslH vs discord.exe
      Source: discord.exe, 00000002.00000002.1430225925.00007FFB1D5B6000.00000002.00000001.01000000.00000017.sdmpBinary or memory string: OriginalFilename_queue.pyd. vs discord.exe
      Source: discord.exe, 00000002.00000002.1424200474.00007FFB0BD86000.00000002.00000001.01000000.00000015.sdmpBinary or memory string: OriginalFilenamelibcryptoH vs discord.exe
      Source: discord.exe, 00000002.00000002.1430545056.00007FFB1D896000.00000002.00000001.01000000.00000011.sdmpBinary or memory string: OriginalFilenameselect.pyd. vs discord.exe
      Source: discord.exe, 00000002.00000002.1429833783.00007FFB1C562000.00000002.00000001.01000000.00000009.sdmpBinary or memory string: OriginalFilename_bz2.pyd. vs discord.exe
      Source: discord.exe, 00000002.00000002.1429217952.00007FFB1C2F2000.00000002.00000001.01000000.00000010.sdmpBinary or memory string: OriginalFilename_socket.pyd. vs discord.exe
      Source: discord.exe, 00000002.00000002.1424750135.00007FFB0BE91000.00000002.00000001.01000000.0000000E.sdmpBinary or memory string: OriginalFilenamewin32api.pyd0 vs discord.exe
      Source: classification engine Classification label: mal56.evad.winEXE@3/34@2/1
      Source: C:\Users\user\Desktop\discord.exe Code function: 0_2_00007FF60A4E8CD0 FormatMessageW,WideCharToMultiByte,GetLastError,0_2_00007FF60A4E8CD0
      Source: C:\Users\user\Desktop\discord.exe File created: C:\Users\user~1\AppData\Local\Temp\_MEI26642
      Source: discord.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
      Source: C:\Users\user\Desktop\discord.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
      Source: C:\Users\user\Desktop\discord.exe File read: C:\Users\user\Desktop\discord.exe
      Source: unknown Process created: C:\Users\user\Desktop\discord.exe "C:\Users\user\Desktop\discord.exe"
      Source: C:\Users\user\Desktop\discord.exe Process created: C:\Users\user\Desktop\discord.exe "C:\Users\user\Desktop\discord.exe"
      Source: C:\Users\user\Desktop\discord.exe Section loaded: version.dll
      Source: C:\Users\user\Desktop\discord.exe Section loaded: vcruntime140.dll
      Source: C:\Users\user\Desktop\discord.exe Section loaded: libffi-8.dll
      Source: C:\Users\user\Desktop\discord.exe Section loaded: vcruntime140_1.dll
      Source: C:\Users\user\Desktop\discord.exe Section loaded: kernel.appcore.dll
      Source: C:\Users\user\Desktop\discord.exe Section loaded: uxtheme.dll
      Source: C:\Users\user\Desktop\discord.exe Section loaded: urlmon.dll
      Source: C:\Users\user\Desktop\discord.exe Section loaded: iertutil.dll
      Source: C:\Users\user\Desktop\discord.exe Section loaded: srvcli.dll
      Source: C:\Users\user\Desktop\discord.exe Section loaded: netutils.dll
      Source: C:\Users\user\Desktop\discord.exe Section loaded: secur32.dll
      Source: C:\Users\user\Desktop\discord.exe Section loaded: sspicli.dll
      Source: C:\Users\user\Desktop\discord.exe Section loaded: iphlpapi.dll
      Source: C:\Users\user\Desktop\discord.exe Section loaded: powrprof.dll
      Source: C:\Users\user\Desktop\discord.exe Section loaded: pdh.dll
      Source: C:\Users\user\Desktop\discord.exe Section loaded: umpdc.dll
      Source: C:\Users\user\Desktop\discord.exe Section loaded: wtsapi32.dll
      Source: C:\Users\user\Desktop\discord.exe Section loaded: libcrypto-1_1.dll
      Source: C:\Users\user\Desktop\discord.exe Section loaded: libssl-1_1.dll
      Source: C:\Users\user\Desktop\discord.exe Section loaded: libcrypto-1_1.dll
      Source: C:\Users\user\Desktop\discord.exe Section loaded: mswsock.dll
      Source: C:\Users\user\Desktop\discord.exe Section loaded: wbemcomn.dll
      Source: C:\Users\user\Desktop\discord.exe Section loaded: amsi.dll
      Source: C:\Users\user\Desktop\discord.exe Section loaded: userenv.dll
      Source: C:\Users\user\Desktop\discord.exe Section loaded: profapi.dll
      Source: C:\Users\user\Desktop\discord.exe Section loaded: sxs.dll
      Source: C:\Users\user\Desktop\discord.exe Section loaded: dnsapi.dll
      Source: C:\Users\user\Desktop\discord.exe Section loaded: rasadhlp.dll
      Source: C:\Users\user\Desktop\discord.exe Section loaded: fwpuclnt.dll
      Source: C:\Users\user\Desktop\discord.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{172BDDF8-CEEA-11D1-8B05-00600806D9B6}\InProcServer32
      Source: discord.exe Static PE information: Image base 0x140000000 > 0x60000000
      Source: discord.exe Static file information: File size 11872129 > 1048576
      Source: discord.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
      Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-311\Release\pywintypes.pdb** source: discord.exe, 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
      Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-311\Release\win32api.pdb source: discord.exe, 00000002.00000002.1424704978.00007FFB0BE83000.00000002.00000001.01000000.0000000E.sdmp, win32api.pyd.0.dr
      Source: Binary string: D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\\mfc140u.amd64.pdb source: mfc140u.dll.0.dr
      Source: Binary string: D:\_w\1\b\bin\amd64\select.pdb source: discord.exe, 00000000.00000003.1383187750.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000002.1430423395.00007FFB1D893000.00000002.00000001.01000000.00000011.sdmp, select.pyd.0.dr
      Source: Binary string: D:\_w\1\b\bin\amd64\_uuid.pdb source: discord.exe, 00000000.00000003.1367476435.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000002.1429947748.00007FFB1D342000.00000002.00000001.01000000.0000001B.sdmp, _uuid.pyd.0.dr
      Source: Binary string: D:\_w\1\b\libssl-1_1.pdb source: discord.exe, 00000002.00000002.1424344939.00007FFB0BE06000.00000002.00000001.01000000.00000014.sdmp
      Source: Binary string: D:\_w\1\b\bin\amd64\_bz2.pdb source: discord.exe, 00000000.00000003.1364997506.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000002.1429789319.00007FFB1C55D000.00000002.00000001.01000000.00000009.sdmp
      Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: discord.exe, 00000002.00000002.1424008287.00007FFB0BC8E000.00000002.00000001.01000000.00000015.sdmp
      Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-311\Release\pythoncom.pdb source: discord.exe, 00000002.00000002.1424908800.00007FFB0BEFC000.00000002.00000001.01000000.0000000D.sdmp
      Source: Binary string: D:\_w\1\b\bin\amd64\_queue.pdb source: discord.exe, 00000000.00000003.1366505336.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000002.1430172509.00007FFB1D5B3000.00000002.00000001.01000000.00000017.sdmp
      Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: discord.exe, 00000000.00000003.1364648908.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000002.1431775976.00007FFB1E681000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
      Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-311\Release\win32api.pdb!! source: discord.exe, 00000002.00000002.1424704978.00007FFB0BE83000.00000002.00000001.01000000.0000000E.sdmp, win32api.pyd.0.dr
      Source: Binary string: D:\_w\1\b\bin\amd64\_ssl.pdb source: discord.exe, 00000002.00000002.1424482051.00007FFB0BE4D000.00000002.00000001.01000000.00000013.sdmp, _ssl.pyd.0.dr
      Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: discord.exe, 00000000.00000003.1364648908.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000002.1431775976.00007FFB1E681000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
      Source: Binary string: D:\_w\1\b\bin\amd64\_hashlib.pdb source: discord.exe, 00000000.00000003.1366045327.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000002.1428424791.00007FFB1BB17000.00000002.00000001.01000000.00000016.sdmp, _hashlib.pyd.0.dr
      Source: Binary string: D:\_w\1\b\bin\amd64\_lzma.pdb source: discord.exe, 00000000.00000003.1366197110.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000002.1429621561.00007FFB1C53C000.00000002.00000001.01000000.0000000A.sdmp
      Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: discord.exe, 00000000.00000003.1364853828.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000002.1430869630.00007FFB1E0E5000.00000002.00000001.01000000.0000000C.sdmp
      Source: Binary string: D:\_w\1\b\bin\amd64\_decimal.pdb$$ source: _decimal.pyd.0.dr
      Source: Binary string: D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\\mfc140u.amd64.pdbGCTL source: mfc140u.dll.0.dr
      Source: Binary string: D:\_w\1\b\bin\amd64\_lzma.pdbNN source: discord.exe, 00000000.00000003.1366197110.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000002.1429621561.00007FFB1C53C000.00000002.00000001.01000000.0000000A.sdmp
      Source: Binary string: D:\_w\1\b\bin\amd64\_ctypes.pdb source: discord.exe, 00000002.00000002.1431423223.00007FFB1E100000.00000002.00000001.01000000.00000007.sdmp, _ctypes.pyd.0.dr
      Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-311\Release\win32ui.pdb source: win32ui.pyd.0.dr
      Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-311\Release\_win32sysloader.pdb source: discord.exe, 00000000.00000003.1384079521.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-311\Release\win32trace.pdb source: discord.exe, 00000000.00000003.1384378046.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, win32trace.pyd.0.dr
      Source: Binary string: D:\_w\1\b\libssl-1_1.pdb@@ source: discord.exe, 00000002.00000002.1424344939.00007FFB0BE06000.00000002.00000001.01000000.00000014.sdmp
      Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-311\Release\win32ui.pdbOO source: win32ui.pyd.0.dr
      Source: Binary string: .Pdb'L source: discord.exe
      Source: Binary string: D:\_w\1\b\bin\amd64\python3.pdb source: discord.exe, 00000000.00000003.1373851881.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000002.1419288642.000002009EF90000.00000002.00000001.01000000.00000006.sdmp
      Source: Binary string: D:\_w\1\b\bin\amd64\_socket.pdb source: discord.exe, 00000000.00000003.1366833336.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000002.1429124900.00007FFB1C2E8000.00000002.00000001.01000000.00000010.sdmp, _socket.pyd.0.dr
      Source: Binary string: D:\_w\1\b\bin\amd64\_decimal.pdb source: _decimal.pyd.0.dr
      Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-311\Release\pywintypes.pdb source: discord.exe, 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
      Source: Binary string: D:\_w\1\b\bin\amd64\unicodedata.pdb source: discord.exe, 00000000.00000003.1383708141.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000002.1423192127.00007FFB0BA00000.00000002.00000001.01000000.0000001A.sdmp
      Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-311\Release\pythoncom.pdb}},GCTL source: discord.exe, 00000002.00000002.1424908800.00007FFB0BEFC000.00000002.00000001.01000000.0000000D.sdmp
      Source: Binary string: D:\_w\1\b\bin\amd64\python311.pdb source: discord.exe, 00000002.00000002.1425360473.00007FFB0C2D3000.00000002.00000001.01000000.00000004.sdmp, python311.dll.0.dr
      Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1q 5 Jul 2022built on: Thu Aug 18 20:15:42 2022 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: discord.exe, 00000002.00000002.1424008287.00007FFB0BC8E000.00000002.00000001.01000000.00000015.sdmp
      Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: discord.exe, 00000000.00000003.1364853828.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000002.1430869630.00007FFB1E0E5000.00000002.00000001.01000000.0000000C.sdmp
      Source: Binary string: D:\_w\1\b\libcrypto-1_1.pdb source: discord.exe, 00000002.00000002.1424008287.00007FFB0BD10000.00000002.00000001.01000000.00000015.sdmp
      Source: VCRUNTIME140.dll.0.dr Static PE information: 0x8E79CD85 [Sat Sep 30 01:19:01 2045 UTC]
      Source: C:\Users\user\Desktop\discord.exe Code function: 0_2_00007FF60A4E15E0 GetModuleHandleA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,0_2_00007FF60A4E15E0
      Source: md__mypyc.cp311-win_amd64.pyd.0.dr Static PE information: real checksum: 0x0 should be: 0x2d0f2
      Source: _win32sysloader.pyd.0.dr Static PE information: real checksum: 0x0 should be: 0x461e
      Source: win32trace.pyd.0.dr Static PE information: real checksum: 0x0 should be: 0x78df
      Source: pyarmor_runtime.pyd.0.dr Static PE information: real checksum: 0x9fa51 should be: 0xa7a13
      Source: pywintypes311.dll.0.dr Static PE information: real checksum: 0x0 should be: 0x24bee
      Source: win32api.pyd.0.dr Static PE information: real checksum: 0x0 should be: 0x27e47
      Source: _psutil_windows.pyd.0.dr Static PE information: real checksum: 0x0 should be: 0x1f645
      Source: win32ui.pyd.0.dr Static PE information: real checksum: 0x0 should be: 0x11d72e
      Source: md.cp311-win_amd64.pyd.0.dr Static PE information: real checksum: 0x0 should be: 0x8d57
      Source: pythoncom311.dll.0.dr Static PE information: real checksum: 0x0 should be: 0xa5763
      Source: discord.exe Static PE information: section name: /4
      Source: discord.exe Static PE information: section name: .xdata
      Source: python311.dll.0.dr Static PE information: section name: PyRuntim
      Source: libcrypto-1_1.dll.0.dr Static PE information: section name: .00cfg
      Source: libssl-1_1.dll.0.dr Static PE information: section name: .00cfg
      Source: mfc140u.dll.0.dr Static PE information: section name: .didat
      Source: VCRUNTIME140.dll.0.dr Static PE information: section name: _RDATA
      Source: pyarmor_runtime.pyd.0.dr Static PE information: section name: .xdata
      Source: C:\Users\user\Desktop\discord.exe Code function: 2_2_00007FFB1C52D390 push rsi; iretd 2_2_00007FFB1C52D3A5
      Source: C:\Users\user\Desktop\discord.exe Code function: 2_2_00007FFB1C52D418 push rsi; retf 2_2_00007FFB1C52D419
      Source: C:\Users\user\Desktop\discord.exe File created: C:\Users\user\AppData\Local\Temp\_MEI26642\pywin32_system32\pythoncom311.dll
      Source: C:\Users\user\Desktop\discord.exe File created: C:\Users\user\AppData\Local\Temp\_MEI26642\select.pyd
      Source: C:\Users\user\Desktop\discord.exe File created: C:\Users\user\AppData\Local\Temp\_MEI26642\win32\win32api.pyd
      Source: C:\Users\user\Desktop\discord.exe File created: C:\Users\user\AppData\Local\Temp\_MEI26642\_socket.pyd
      Source: C:\Users\user\Desktop\discord.exe File created: C:\Users\user\AppData\Local\Temp\_MEI26642\libffi-8.dll
      Source: C:\Users\user\Desktop\discord.exe File created: C:\Users\user\AppData\Local\Temp\_MEI26642\psutil\_psutil_windows.pyd
      Source: C:\Users\user\Desktop\discord.exe File created: C:\Users\user\AppData\Local\Temp\_MEI26642\charset_normalizer\md.cp311-win_amd64.pyd
      Source: C:\Users\user\Desktop\discord.exe File created: C:\Users\user\AppData\Local\Temp\_MEI26642\_queue.pyd
      Source: C:\Users\user\Desktop\discord.exe File created: C:\Users\user\AppData\Local\Temp\_MEI26642\VCRUNTIME140_1.dll
      Source: C:\Users\user\Desktop\discord.exe File created: C:\Users\user\AppData\Local\Temp\_MEI26642\_bz2.pyd
      Source: C:\Users\user\Desktop\discord.exe File created: C:\Users\user\AppData\Local\Temp\_MEI26642\_decimal.pyd
      Source: C:\Users\user\Desktop\discord.exe File created: C:\Users\user\AppData\Local\Temp\_MEI26642\unicodedata.pyd
      Source: C:\Users\user\Desktop\discord.exe File created: C:\Users\user\AppData\Local\Temp\_MEI26642\_lzma.pyd
      Source: C:\Users\user\Desktop\discord.exe File created: C:\Users\user\AppData\Local\Temp\_MEI26642\_ssl.pyd
      Source: C:\Users\user\Desktop\discord.exe File created: C:\Users\user\AppData\Local\Temp\_MEI26642\_ctypes.pyd
      Source: C:\Users\user\Desktop\discord.exe File created: C:\Users\user\AppData\Local\Temp\_MEI26642\Pythonwin\mfc140u.dll
      Source: C:\Users\user\Desktop\discord.exe File created: C:\Users\user\AppData\Local\Temp\_MEI26642\libcrypto-1_1.dll
      Source: C:\Users\user\Desktop\discord.exe File created: C:\Users\user\AppData\Local\Temp\_MEI26642\python311.dll
      Source: C:\Users\user\Desktop\discord.exe File created: C:\Users\user\AppData\Local\Temp\_MEI26642\pywin32_system32\pywintypes311.dll
      Source: C:\Users\user\Desktop\discord.exe File created: C:\Users\user\AppData\Local\Temp\_MEI26642\win32\win32trace.pyd
      Source: C:\Users\user\Desktop\discord.exe File created: C:\Users\user\AppData\Local\Temp\_MEI26642\Pythonwin\win32ui.pyd
      Source: C:\Users\user\Desktop\discord.exe File created: C:\Users\user\AppData\Local\Temp\_MEI26642\charset_normalizer\md__mypyc.cp311-win_amd64.pyd
      Source: C:\Users\user\Desktop\discord.exe File created: C:\Users\user\AppData\Local\Temp\_MEI26642\_hashlib.pyd
      Source: C:\Users\user\Desktop\discord.exe File created: C:\Users\user\AppData\Local\Temp\_MEI26642\VCRUNTIME140.dll
      Source: C:\Users\user\Desktop\discord.exe File created: C:\Users\user\AppData\Local\Temp\_MEI26642\python3.dll
      Source: C:\Users\user\Desktop\discord.exe File created: C:\Users\user\AppData\Local\Temp\_MEI26642\win32\_win32sysloader.pyd
      Source: C:\Users\user\Desktop\discord.exe File created: C:\Users\user\AppData\Local\Temp\_MEI26642\_uuid.pyd
      Source: C:\Users\user\Desktop\discord.exe File created: C:\Users\user\AppData\Local\Temp\_MEI26642\pyarmor_runtime_000000\pyarmor_runtime.pyd
      Source: C:\Users\user\Desktop\discord.exe File created: C:\Users\user\AppData\Local\Temp\_MEI26642\libssl-1_1.dll
      Source: C:\Users\user\Desktop\discord.exeCode function: 0_2_00007FF60A4E59C0 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_00007FF60A4E59C0
      Source: C:\Users\user\Desktop\discord.exe Process information set: NOOPENFILEERRORBOX

      Malware Analysis System Evasion

      Source: Yara match File source: 00000002.00000002.1420000448.00000200A1100000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
      Source: Yara match File source: Process Memory Space: discord.exe PID: 6368, type: MEMORYSTR
      Source: C:\Users\user\Desktop\discord.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI26642\pywin32_system32\pythoncom311.dll
      Source: C:\Users\user\Desktop\discord.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI26642\select.pyd
      Source: C:\Users\user\Desktop\discord.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI26642\win32\win32api.pyd
      Source: C:\Users\user\Desktop\discord.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI26642\_socket.pyd
      Source: C:\Users\user\Desktop\discord.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI26642\psutil\_psutil_windows.pyd
      Source: C:\Users\user\Desktop\discord.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI26642\charset_normalizer\md.cp311-win_amd64.pyd
      Source: C:\Users\user\Desktop\discord.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI26642\_queue.pyd
      Source: C:\Users\user\Desktop\discord.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI26642\_bz2.pyd
      Source: C:\Users\user\Desktop\discord.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI26642\_decimal.pyd
      Source: C:\Users\user\Desktop\discord.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI26642\unicodedata.pyd
      Source: C:\Users\user\Desktop\discord.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI26642\_lzma.pyd
      Source: C:\Users\user\Desktop\discord.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI26642\_ssl.pyd
      Source: C:\Users\user\Desktop\discord.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI26642\_ctypes.pyd
      Source: C:\Users\user\Desktop\discord.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI26642\Pythonwin\mfc140u.dll
      Source: C:\Users\user\Desktop\discord.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI26642\python311.dll
      Source: C:\Users\user\Desktop\discord.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI26642\pywin32_system32\pywintypes311.dll
      Source: C:\Users\user\Desktop\discord.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI26642\win32\win32trace.pyd
      Source: C:\Users\user\Desktop\discord.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI26642\Pythonwin\win32ui.pyd
      Source: C:\Users\user\Desktop\discord.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI26642\charset_normalizer\md__mypyc.cp311-win_amd64.pyd
      Source: C:\Users\user\Desktop\discord.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI26642\_hashlib.pyd
      Source: C:\Users\user\Desktop\discord.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI26642\python3.dll
      Source: C:\Users\user\Desktop\discord.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI26642\win32\_win32sysloader.pyd
      Source: C:\Users\user\Desktop\discord.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI26642\_uuid.pyd
      Source: C:\Users\user\Desktop\discord.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI26642\pyarmor_runtime_000000\pyarmor_runtime.pyd
      Source: C:\Users\user\Desktop\discord.exe Check user administrative privileges: GetTokenInformation,DecisionNodes graph_0-10158
      Source: C:\Users\user\Desktop\discord.exe API coverage: 2.8 %
      Source: C:\Users\user\Desktop\discord.exe Code function: 0_2_00007FF60A4E93B0 FindFirstFileExW,FindClose,0_2_00007FF60A4E93B0
      Source: C:\Users\user\Desktop\discord.exe Code function: 2_2_00007FF60A4E93B0 FindFirstFileExW,FindClose,2_2_00007FF60A4E93B0
      Source: C:\Users\user\Desktop\discord.exe Code function: 2_2_00007FFB1E0FF6B8 GetSystemInfo,VirtualAlloc,2_2_00007FFB1E0FF6B8
      Source: discord.exe, 00000000.00000003.1368275257.000001B1574D1000.00000004.00000020.00020000.00000000.sdmp, cacert.pem.0.dr Binary or memory string: j2aTPs+9xYa9+bG3tD60B8jzljHz7aRP+KNOjSkVWLjVb3/ubCK1sK9IRQq9qEmU
      Source: discord.exe, 00000002.00000003.1393385475.00000200A0F7C000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000003.1395183757.00000200A0F7C000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000002.1419810127.00000200A0F00000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000003.1394113181.00000200A0F7C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
      Source: cacert.pem.0.dr Binary or memory string: zJVSk/BwJVmcIGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5dd
      Source: C:\Users\user\Desktop\discord.exe Code function: 2_2_00007FFB0BE42FF8 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFB0BE42FF8
      Source: C:\Users\user\Desktop\discord.exe Code function: 0_2_00007FF60A4E15E0 GetModuleHandleA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,0_2_00007FF60A4E15E0
      Source: C:\Users\user\Desktop\discord.exe Process token adjusted: Debug
      Source: C:\Users\user\Desktop\discord.exe Code function: 0_2_00007FF60A4E1154 Sleep,_amsg_exit,_initterm,_initterm,SetUnhandledExceptionFilter,exit,_cexit,0_2_00007FF60A4E1154
      Source: C:\Users\user\Desktop\discord.exe Code function: 2_2_00007FF60A4E1154 Sleep,_amsg_exit,_initterm,_initterm,SetUnhandledExceptionFilter,exit,_cexit,2_2_00007FF60A4E1154
      Source: C:\Users\user\Desktop\discord.exe Code function: 2_2_00007FFB0BE42FF8 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFB0BE42FF8
      Source: C:\Users\user\Desktop\discord.exe Code function: 2_2_00007FFB0BE425B0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFB0BE425B0
      Source: C:\Users\user\Desktop\discord.exe Code function: 2_2_00007FFB1BB13F80 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFB1BB13F80
      Source: C:\Users\user\Desktop\discord.exe Code function: 2_2_00007FFB1BB14550 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFB1BB14550
      Source: C:\Users\user\Desktop\discord.exe Code function: 2_2_00007FFB1C2E2BC0 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFB1C2E2BC0
      Source: C:\Users\user\Desktop\discord.exe Code function: 2_2_00007FFB1C2E2600 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFB1C2E2600
      Source: C:\Users\user\Desktop\discord.exe Code function: 2_2_00007FFB1C4FE53C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFB1C4FE53C
      Source: C:\Users\user\Desktop\discord.exe Code function: 2_2_00007FFB1C4FF654 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFB1C4FF654
      Source: C:\Users\user\Desktop\discord.exe Code function: 2_2_00007FFB1C4FF83C SetUnhandledExceptionFilter,2_2_00007FFB1C4FF83C
      Source: C:\Users\user\Desktop\discord.exe Code function: 2_2_00007FFB1C5335E0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFB1C5335E0
      Source: C:\Users\user\Desktop\discord.exe Code function: 2_2_00007FFB1C533BB0 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFB1C533BB0
      Source: C:\Users\user\Desktop\discord.exe Code function: 2_2_00007FFB1D341460 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFB1D341460
      Source: C:\Users\user\Desktop\discord.exe Code function: 2_2_00007FFB1D341A30 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFB1D341A30
      Source: C:\Users\user\Desktop\discord.exe Code function: 2_2_00007FFB1D5B14F0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFB1D5B14F0
      Source: C:\Users\user\Desktop\discord.exe Code function: 2_2_00007FFB1D5B1AC0 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFB1D5B1AC0
      Source: C:\Users\user\Desktop\discord.exe Code function: 2_2_00007FFB1D891530 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFB1D891530
      Source: C:\Users\user\Desktop\discord.exe Code function: 2_2_00007FFB1D891B00 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFB1D891B00
      Source: C:\Users\user\Desktop\discord.exe Code function: 2_2_00007FFB1E0F5CC0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFB1E0F5CC0
      Source: C:\Users\user\Desktop\discord.exe Code function: 2_2_00007FFB1E0F6264 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFB1E0F6264
      Source: C:\Users\user\Desktop\discord.exe Process created: C:\Users\user\Desktop\discord.exe "C:\Users\user\Desktop\discord.exe"
      Source: C:\Users\user\Desktop\discord.exe Code function: 2_2_00007FFB1C4F7CD0 PyArg_ParseTuple,PyExc_TypeError,PyErr_SetString,GetSecurityDescriptorDacl,free,SetSecurityDescriptorDacl,GetSecurityDescriptorOwner,free,GetSecurityDescriptorGroup,free,free,free,2_2_00007FFB1C4F7CD0
      Source: C:\Users\user\Desktop\discord.exe Code function: 2_2_00007FFB1C4F8B50 _PyArg_ParseTuple_SizeT,PyErr_Clear,_PyArg_ParseTuple_SizeT,PyErr_Clear,_PyArg_ParseTuple_SizeT,PySequence_Check,PyExc_TypeError,PyErr_SetString,PySequence_Size,PySequence_Tuple,_PyArg_ParseTuple_SizeT,_Py_Dealloc,AllocateAndInitializeSid,PyExc_ValueError,PyErr_SetString,_Py_NewReference,malloc,memset,memcpy,2_2_00007FFB1C4F8B50
      Source: C:\Users\user\Desktop\discord.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI26642\base_library.zip VolumeInformation
      Source: C:\Users\user\Desktop\discord.exe Queries volume information: C:\Users\user\Desktop\discord.exe VolumeInformation
      Source: C:\Users\user\Desktop\discord.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI26642 VolumeInformation
      Source: C:\Users\user\Desktop\discord.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI26642\_ctypes.pyd VolumeInformation
      Source: C:\Users\user\Desktop\discord.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI26642\win32 VolumeInformation
      Source: C:\Users\user\Desktop\discord.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI26642\Pythonwin VolumeInformation
      Source: C:\Users\user\Desktop\discord.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI26642\pywin32_system32 VolumeInformation
      Source: C:\Users\user\Desktop\discord.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI26642\certifi VolumeInformation
      Source: C:\Users\user\Desktop\discord.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI26642\charset_normalizer VolumeInformation
      Source: C:\Users\user\Desktop\discord.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI26642\libcrypto-1_1.dll VolumeInformation
      Source: C:\Users\user\Desktop\discord.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI26642\libffi-8.dll VolumeInformation
      Source: C:\Users\user\Desktop\discord.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI26642\libssl-1_1.dll VolumeInformation
      Source: C:\Users\user\Desktop\discord.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI26642\psutil VolumeInformation
      Source: C:\Users\user\Desktop\discord.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI26642\pyarmor_runtime_000000 VolumeInformation
      Source: C:\Users\user\Desktop\discord.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI26642\python311.dll VolumeInformation
      Source: C:\Users\user\Desktop\discord.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI26642\select.pyd VolumeInformation
      Source: C:\Users\user\Desktop\discord.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI26642\unicodedata.pyd VolumeInformation
      Source: C:\Users\user\Desktop\discord.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI26642\VCRUNTIME140.dll VolumeInformation
      Source: C:\Users\user\Desktop\discord.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI26642\VCRUNTIME140_1.dll VolumeInformation
      Source: C:\Users\user\Desktop\discord.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI26642\_bz2.pyd VolumeInformation
      Source: C:\Users\user\Desktop\discord.exeQueries volume information: C:\Users\user\Desktop\discord.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\discord.exeQueries volume information: C:\Users\user\Desktop\discord.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\discord.exeQueries volume information: C:\Users\user\Desktop\discord.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\discord.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26642\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\discord.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26642\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\discord.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26642\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\discord.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26642\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\discord.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26642\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\discord.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26642\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\discord.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26642\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\discord.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26642\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\discord.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26642\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\discord.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26642\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\discord.exeQueries volume information: C:\Users\user\Desktop\discord.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\discord.exeQueries volume information: C:\Users\user\Desktop\discord.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\discord.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26642\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\discord.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26642\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\discord.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26642\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\discord.exeQueries volume information: C:\Users\user\Desktop\discord.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\discord.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI26642\pywin32_system32 VolumeInformation
      Source: C:\Users\user\Desktop\discord.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI26642 VolumeInformation
      Source: C:\Users\user\Desktop\discord.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI26642\win32 VolumeInformation
      Source: C:\Users\user\Desktop\discord.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI26642\Pythonwin VolumeInformation
      Source: C:\Users\user\Desktop\discord.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI26642\_bz2.pyd VolumeInformation
      Source: C:\Users\user\Desktop\discord.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI26642\_lzma.pyd VolumeInformation
      Source: C:\Users\user\Desktop\discord.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI26642\pywin32_system32\pywintypes311.dll VolumeInformation
      Source: C:\Users\user\Desktop\discord.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI26642\pywin32_system32\pythoncom311.dll VolumeInformation
      Source: C:\Users\user\Desktop\discord.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI26642\win32\win32api.pyd VolumeInformation
      Source: C:\Users\user\Desktop\discord.exe Queries volume information: C:\Users\user\AppData\Local\Temp\tmpnuw20qxi VolumeInformation
      Source: C:\Users\user\Desktop\discord.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI26642\pyarmor_runtime_000000 VolumeInformation
      Source: C:\Users\user\Desktop\discord.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI26642\pyarmor_runtime_000000\pyarmor_runtime.pyd VolumeInformation
      Source: C:\Users\user\Desktop\discord.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI26642\_socket.pyd VolumeInformation
      Source: C:\Users\user\Desktop\discord.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI26642\select.pyd VolumeInformation
      Source: C:\Users\user\Desktop\discord.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI26642\psutil VolumeInformation
      Source: C:\Users\user\Desktop\discord.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI26642\psutil\_psutil_windows.pyd VolumeInformation
      Source: C:\Users\user\Desktop\discord.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI26642\_ssl.pyd VolumeInformation
      Source: C:\Users\user\Desktop\discord.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI26642\_hashlib.pyd VolumeInformation
      Source: C:\Users\user\Desktop\discord.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI26642\_queue.pyd VolumeInformation
      Source: C:\Users\user\Desktop\discord.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI26642\charset_normalizer VolumeInformation
      Source: C:\Users\user\Desktop\discord.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI26642\charset_normalizer\md.cp311-win_amd64.pyd VolumeInformation
      Source: C:\Users\user\Desktop\discord.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI26642\charset_normalizer\md__mypyc.cp311-win_amd64.pyd VolumeInformation
      Source: C:\Users\user\Desktop\discord.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI26642\unicodedata.pyd VolumeInformation
      Source: C:\Users\user\Desktop\discord.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26642\Pythonwin VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\discord.exeQueries volume information: C:\Users\user\Desktop\discord.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\discord.exeQueries volume information: C:\Users\user\Desktop\discord.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\discord.exeQueries volume information: C:\Users\user\Desktop\discord.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\discord.exeQueries volume information: C:\Users\user\Desktop\discord.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\discord.exeQueries volume information: C:\Users\user\Desktop\discord.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\discord.exeQueries volume information: C:\Users\user\Desktop\discord.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\discord.exeQueries volume information: C:\Users\user\Desktop\discord.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\discord.exeQueries volume information: C:\Users\user\Desktop\discord.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\discord.exeQueries volume information: C:\Users\user\Desktop\discord.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\discord.exeQueries volume information: C:\Users\user\Desktop\discord.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\discord.exeQueries volume information: C:\Users\user\Desktop\discord.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\discord.exeQueries volume information: C:\Users\user\Desktop\discord.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\discord.exeQueries volume information: C:\Users\user\Desktop\discord.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\discord.exeQueries volume information: C:\Users\user\Desktop\discord.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\discord.exeQueries volume information: C:\Users\user\Desktop\discord.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\discord.exeQueries volume information: C:\Users\user\Desktop\discord.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\discord.exeQueries volume information: C:\Users\user\Desktop\discord.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\discord.exeQueries volume information: C:\Users\user\Desktop\discord.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\discord.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26642\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\discord.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26642\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\discord.exeQueries volume information: C:\Users\user\Desktop\discord.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\discord.exeQueries volume information: C:\Users\user\Desktop\discord.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\discord.exeQueries volume information: C:\Users\user\Desktop\discord.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\discord.exeQueries volume information: C:\Users\user\Desktop\discord.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\discord.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26642 VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\discord.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26642\win32 VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\discord.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26642\certifi\cacert.pem VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\discord.exeQueries volume information: C:\Users\user\Desktop\discord.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\discord.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26642 VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\discord.exeQueries volume information: C:\Users\user\Desktop\discord.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\discord.exeQueries volume information: C:\Users\user\Desktop\discord.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\discord.exeQueries volume information: C:\Users\user\Desktop\discord.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\discord.exeQueries volume information: C:\Users\user\Desktop\discord.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\discord.exeQueries volume information: C:\Users\user\Desktop\discord.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\discord.exeQueries volume information: C:\Users\user\Desktop\discord.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\discord.exeQueries volume information: C:\Users\user\Desktop\discord.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\discord.exeQueries volume information: C:\Users\user\Desktop\discord.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\discord.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26642 VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\discord.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26642\win32 VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\discord.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26642\Pythonwin VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\discord.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26642\pywin32_system32 VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\discord.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmpnuw20qxi VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\discord.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmpnuw20qxi\gen_py\__init__.py VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\discord.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmpnuw20qxi\gen_py\dicts.dat VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\discord.exeQueries volume information: C:\Users\user\Desktop\discord.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\discord.exeQueries volume information: C:\Users\user\Desktop\discord.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\discord.exe Code function: 2_2_00007FFB0BE42BAC GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,2_2_00007FFB0BE42BAC
      Source: C:\Users\user\Desktop\discord.exe Code function: 2_2_00007FFB1C2E45E8 PySys_Audit,PyEval_SaveThread,bind,PyEval_RestoreThread,_Py_NoneStruct,2_2_00007FFB1C2E45E8
      Source: C:\Users\user\Desktop\discord.exe Code function: 2_2_00007FFB1C2E5610 _PyArg_ParseTuple_SizeT,PyEval_SaveThread,listen,PyEval_RestoreThread,_Py_NoneStruct,2_2_00007FFB1C2E5610
      Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
      Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Native API | 1 DLL Side-Loading | 11 Process Injection | 11 Process Injection | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 22 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
      Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 11 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
      Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 2 Obfuscated Files or Information | Security Account Manager | 1 System Network Configuration Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
      Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Timestomp | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | 2 Application Layer Protocol | Traffic Duplication | Data Destruction
      Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 13 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
      Source | Detection | Scanner | Label | Link
      discord.exe | 100% | Avira | HEUR/AGEN.1354936 |
      Source | Detection | Scanner | Label | Link
      C:\Users\user\AppData\Local\Temp\_MEI26642\Pythonwin\mfc140u.dll | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\_MEI26642\Pythonwin\win32ui.pyd | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\_MEI26642\VCRUNTIME140.dll | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\_MEI26642\VCRUNTIME140_1.dll | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\_MEI26642\_bz2.pyd | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\_MEI26642\_ctypes.pyd | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\_MEI26642\_decimal.pyd | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\_MEI26642\_hashlib.pyd | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\_MEI26642\_lzma.pyd | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\_MEI26642\_queue.pyd | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\_MEI26642\_socket.pyd | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\_MEI26642\_ssl.pyd | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\_MEI26642\_uuid.pyd | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\_MEI26642\charset_normalizer\md.cp311-win_amd64.pyd | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\_MEI26642\charset_normalizer\md__mypyc.cp311-win_amd64.pyd | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\_MEI26642\libcrypto-1_1.dll | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\_MEI26642\libffi-8.dll | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\_MEI26642\libssl-1_1.dll | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\_MEI26642\psutil\_psutil_windows.pyd | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\_MEI26642\python3.dll | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\_MEI26642\python311.dll | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\_MEI26642\pywin32_system32\pythoncom311.dll | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\_MEI26642\pywin32_system32\pywintypes311.dll | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\_MEI26642\select.pyd | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\_MEI26642\unicodedata.pyd | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\_MEI26642\win32\_win32sysloader.pyd | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\_MEI26642\win32\win32api.pyd | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\_MEI26642\win32\win32trace.pyd | 0% | ReversingLabs | |
      No Antivirus matches
      Source | Detection | Scanner | Label | Link
      http://repository.swisssign.com/T | 0% | Avira URL Cloud | safe |
      https://github.cmt | 0% | Avira URL Cloud | safe |
      http://9x9o.com/ss122007.txt | 0% | Avira URL Cloud | safe |
      https://requests.readthedocs.io0 | 0% | Avira URL Cloud | safe |
      http://ocsp.accv.ese | 0% | Avira URL Cloud | safe |
      http://www.opensource.org/licenses/mit-license.phptrols | 0% | Avira URL Cloud | safe |
      Name | IP | Active | Malicious | Antivirus Detection | Reputation
      api.ipify.org | 172.67.74.152 | true | false | | high
      s-part-0035.t-0009.t-msedge.net | 13.107.246.63 | true | false | | high
      time.windows.com | unknown | unknown | false | | high
                                                                                                        https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.pydiscord.exe, 00000002.00000003.1390242567.000002009EE71000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          http://www.phys.uu.nl/~vgent/calendar/isocalendar.htmdiscord.exe, 00000002.00000003.1391031387.00000200A1020000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000003.1391031387.00000200A0FD1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            https://foss.heptapod.net/pypy/pypy/-/issues/3539discord.exe, 00000002.00000002.1421794958.00000200A1770000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.discord.exe, 00000002.00000002.1419810127.00000200A10C7000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000003.1402683175.00000200A10C7000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000003.1398257642.00000200A10C3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                http://google.com/discord.exe, 00000002.00000002.1419135629.000002009EE40000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://mahler:8092/site-updates.pydiscord.exe, 00000002.00000003.1401539847.00000200A155B000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000003.1398023667.00000200A1561000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000002.1420318408.00000200A155B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    http://crl.securetrust.com/SGCA.crldiscord.exe, 00000002.00000002.1419135629.000002009EE40000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      http://.../back.jpegdiscord.exe, 00000002.00000002.1422064794.00000200A1B18000.00000004.00001000.00020000.00000000.sdmp, discord.exe, 00000002.00000003.1400911569.00000200A151E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://www.python.org/download/releases/2.3/mro/.discord.exe, 00000002.00000002.1419437789.00000200A08C0000.00000004.00001000.00020000.00000000.sdmp, base_library.zip.0.drfalse
                                                                                                                          high
                                                                                                                          https://httpbin.org/postdiscord.exe, 00000002.00000003.1393385475.00000200A0F7C000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000003.1395183757.00000200A0F7C000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000002.1419810127.00000200A0F00000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000003.1394113181.00000200A0F7C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://raw.githubusercontent.com/gabjohn3/nb/main/ip_list.txtdiscord.exe, 00000002.00000002.1420000448.00000200A1100000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://github.com/Ousret/charset_normalizerdiscord.exe, 00000002.00000003.1400911569.00000200A14C8000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000003.1398582500.00000200A14C8000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000002.1420318408.00000200A14B7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                http://ocsp.accv.esediscord.exe, 00000002.00000002.1419135629.000002009EE40000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                unknown
                                                                                                                                http://www.firmaprofesional.com/cps0discord.exe, 00000002.00000003.1400911569.00000200A1489000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000002.1420318408.00000200A148F000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000002.1420318408.00000200A16A2000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000003.1400178351.00000200A16A2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://github.com/urllib3/urllib3/issues/2920discord.exe, 00000002.00000003.1398582500.00000200A1501000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000002.1421882209.00000200A1870000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    http://crl.securetrust.com/SGCA.crl0discord.exe, 00000002.00000003.1400178351.00000200A1620000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000002.1420318408.00000200A1620000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://raw.githubusercontent.com/gabjohn3/nb/main/BaseBoard_Manufacturer_List.txtpyd0discord.exe, 00000002.00000002.1420000448.00000200A1100000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://yahoo.com/discord.exe, 00000002.00000003.1398582500.00000200A1460000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000003.1398582500.00000200A1501000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000002.1419810127.00000200A10C7000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000003.1402683175.00000200A10C7000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000002.1420318408.00000200A13D5000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000003.1398257642.00000200A10C3000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000003.1402532700.00000200A1456000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          http://crl.securetrust.com/STCA.crl0discord.exe, 00000002.00000003.1400178351.00000200A1620000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000002.1420318408.00000200A1620000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://raw.githubusercontent.com/gabjohn3/nb/main/hwid_list.txtdiscord.exe, 00000002.00000002.1420000448.00000200A1100000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://raw.githubusercontent.com/gabjohn3/nb/main/BIOS_Serial_List.txtdiscord.exe, 00000002.00000002.1420000448.00000200A1100000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://api.ipify.orgdiscord.exe, 00000002.00000002.1420000448.00000200A1100000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6discord.exe, 00000002.00000003.1395056963.00000200A13FB000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000003.1395183757.00000200A0F7C000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000002.1419810127.00000200A0FD9000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000003.1395056963.00000200A142E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://html.spec.whatwg.org/multipage/discord.exe, 00000002.00000002.1420318408.00000200A13D5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      http://www.quovadisglobal.com/cps0discord.exe, 00000002.00000002.1419810127.00000200A10C7000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000003.1402683175.00000200A10C7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crldiscord.exe, 00000002.00000003.1400178351.00000200A1643000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000002.1420318408.00000200A1643000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warningsdiscord.exe, 00000002.00000002.1421882209.00000200A1870000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0discord.exe, 00000002.00000003.1400178351.00000200A1643000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000002.1420318408.00000200A1643000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://raw.githubusercontent.com/gabjohn3/nb/main/MachineGuid.txtdiscord.exe, 00000002.00000002.1420000448.00000200A1100000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://www.rfc-editor.org/rfc/rfc8259#section-8.1discord.exe, 00000002.00000002.1419810127.00000200A0FD9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  http://www.iana.org/time-zones/repository/tz-link.htmldiscord.exe, 00000002.00000003.1391031387.00000200A1020000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000003.1391094853.00000200A0FBE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://github.com/giampaolo/psutil/issues/1659discord.exe, 00000002.00000003.1393742371.00000200A108B000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000003.1393385475.00000200A105C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://raw.githubusercontent.com/gabjohn3/nb/main/HwProfileGuid_List.txtdiscord.exe, 00000002.00000002.1420000448.00000200A1100000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://requests.readthedocs.iodiscord.exe, 00000002.00000003.1393385475.00000200A0F7C000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000003.1395183757.00000200A0F7C000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000002.1419810127.00000200A0F00000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000003.1394113181.00000200A0F7C000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000002.1422286505.00000200A1BA0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          http://repository.swisssign.com/discord.exe, 00000002.00000002.1420318408.00000200A1620000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000002.1419810127.00000200A0F00000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://api.ipify.org/discord.exe, 00000002.00000002.1422574989.00000200A2508000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://raw.githubusercontent.com/gabjohn3/nb/main/CPU_Serial_List.txtdiscord.exe, 00000002.00000002.1420000448.00000200A1100000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                http://crl.xrampsecurity.com/XGCA.crldiscord.exe, 00000002.00000002.1419135629.000002009EE40000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://www.python.orgdiscord.exe, 00000002.00000003.1393385475.00000200A0F7C000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000003.1395183757.00000200A0F7C000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000002.1419810127.00000200A0F00000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000003.1394113181.00000200A0F7C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    http://code.activestate.com/recipes/577452-a-memoize-decorator-for-instance-methods/discord.exe, 00000002.00000003.1400911569.00000200A14C8000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000003.1398582500.00000200A14C8000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000003.1396717966.00000200A14C8000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000002.1420318408.00000200A14B7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      http://www.accv.es/legislacion_c.htm0Udiscord.exe, 00000002.00000003.1400178351.00000200A1643000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000002.1420318408.00000200A1643000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        http://ocsp.accv.es0discord.exe, 00000002.00000003.1400178351.00000200A1643000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000002.1420318408.00000200A1643000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://www.python.org/discord.exe, 00000002.00000003.1401539847.00000200A155B000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000003.1398023667.00000200A1561000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000002.1420318408.00000200A155B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://json.orgdiscord.exe, 00000002.00000002.1420318408.00000200A13D5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://twitter.com/discord.exe, 00000002.00000003.1400911569.00000200A151E000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000003.1398582500.00000200A1501000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000002.1420318408.00000200A1517000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000003.1400911569.00000200A1501000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000002.1420318408.00000200A14DA000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000003.1398582500.00000200A1520000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000002.1419619543.00000200A0D0F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://stackoverflow.com/questions/4457745#4457745.discord.exe, 00000002.00000002.1420127496.00000200A1200000.00000004.00001000.00020000.00000000.sdmp, discord.exe, 00000002.00000003.1393385475.00000200A0F0A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  http://crl.securetrust.com/STCA.crltsdiscord.exe, 00000002.00000002.1419135629.000002009EE40000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    http://www.quovadisglobal.com/cpsdiscord.exe, 00000002.00000003.1400911569.00000200A1501000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000002.1420318408.00000200A14DA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      https://google.com/discord.exe, 00000002.00000003.1398582500.00000200A1501000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000002.1420318408.00000200A1517000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000002.1419810127.00000200A10C7000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000003.1402683175.00000200A10C7000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000002.1420318408.00000200A13D5000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000003.1400911569.00000200A1501000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000002.1420318408.00000200A14DA000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000003.1398582500.00000200A1520000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000003.1398257642.00000200A10C3000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000003.1402532700.00000200A1456000.00000004.00000020.00020000.00000000.sdmp, discord.exe, 00000002.00000002.1419619543.00000200A0D0F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        high
IP | Domain | Country | ASN | ASN Name | Malicious
172.67.74.152 | api.ipify.org | United States | 13335 | CLOUDFLARENETUS | false
Joe Sandbox version:41.0.0 Charoite
Analysis ID:1573184
Start date and time:2024-12-11 16:16:17 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 5m 13s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:4
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:discord.exe
Detection:MAL
Classification:mal56.evad.winEXE@3/34@2/1
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 67
• Number of non-executed functions: 342
Cookbook Comments:
• Found application associated with file extension: .exe
• Stop behavior analysis, all processes terminated
• Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe
• Excluded IPs from analysis (whitelisted): 40.81.94.65, 13.107.246.63
• Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, otelrules.azureedge.net, twc.trafficmanager.net, otelrules.afd.azureedge.net, azureedge-t-prod.trafficmanager.net
• Report size exceeded maximum capacity and may have missing disassembly code.
• VT rate limit hit for: discord.exe
No simulations
No context
Process: C:\Users\user\Desktop\discord.exe
File Type: PE32+ executable (DLL) (console) x86-64, for MS Windows
Category: dropped
Size (bytes): 5653536
Entropy (8bit): 6.729079283804055
Encrypted: false
SSDEEP: 49152:ULnsrdZXUTQyJa9qgUUjlQNXkW8GCBTDgHsYogTYn3s3pQMqSj+vTCfEs7ATWYls:UoJUEUYS3zUQFLOAkGkzdnEVomFHKnP+
MD5: CD1D99DF975EE5395174DF834E82B256
SHA1: F395ADA2EFC6433B34D5FBC5948CB47C7073FA43
SHA-256: D8CA1DEA862085F0204680230D29BFF4D168FFF675AB4700EEAF63704D995CB3
SHA-512: 397F725E79CA2C68799CF68DFB111A1570427F3D2175D740758C387BDAA508BC9014613E997B92FC96E884F66BB17F453F8AA035731AFD022D9A4E7095616F87
Malicious: false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:
• Filename: main.exe, Detection: malicious
• Filename: zapret.exe, Detection: malicious
• Filename: Payload.exe, Detection: malicious
• Filename: Payload.exe, Detection: malicious
• Filename: SecuriteInfo.com.Python.Stealer.1251.9496.6786.exe, Detection: malicious
• Filename: SecuriteInfo.com.Python.Stealer.1251.9496.6786.exe, Detection: malicious
• Filename: SecuriteInfo.com.FileRepMalware.25861.18393.exe, Detection: malicious
• Filename: SecuriteInfo.com.FileRepMalware.25861.18393.exe, Detection: malicious
• Filename: oconsole.exe, Detection: malicious
• Filename: oconsole.exe, Detection: malicious
Reputation: moderate, very likely benign file
Process: C:\Users\user\Desktop\discord.exe
File Type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category: dropped
Size (bytes): 1143296
Entropy (8bit): 6.0410832425584795
Encrypted: false
SSDEEP: 12288:dk6co2gGIs7ZetrV6LMEsKK+Onc8fUqzFVVppS6yZAXz:dkG2QQetrgsK79qzFHL
MD5: F0116137D0674482247D056642DC06BF
SHA1: 5BB63FCF5E569D94B61383D1921F758BCC48EF81
SHA-256: 8ECA3ED313003D3F3DEE1B7A5CE90B50E8477EC6E986E590E5ED91C919FC7564
SHA-512: A8D6420C491766302C615E38DAF5D9B1698E5765125FD256530508E5C0A5675A7BF2F338A22368E0B4DDFA507D8D377507376C477CF9B829E28F3C399203CDE6
Malicious: false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:
• Filename: main.exe, Detection: malicious
• Filename: Payload.exe, Detection: malicious
• Filename: Payload.exe, Detection: malicious
• Filename: SecuriteInfo.com.Python.Stealer.1251.9496.6786.exe, Detection: malicious
• Filename: SecuriteInfo.com.Python.Stealer.1251.9496.6786.exe, Detection: malicious
Reputation: low
Process: C:\Users\user\Desktop\discord.exe
File Type: PE32+ executable (DLL) (console) x86-64, for MS Windows
Category: dropped
Size (bytes): 109392
Entropy (8bit): 6.643764685776923
Encrypted: false
SSDEEP: 1536:DcghbEGyzXJZDWnEzWG9q4lVOiVgXjO5/Auecbq8qZU34zW/K0zD:DV3iC0h9q4v6XjKAuecbq8qGISb/
MD5: 870FEA4E961E2FBD00110D3783E529BE
SHA1: A948E65C6F73D7DA4FFDE4E8533C098A00CC7311
SHA-256: 76FDB83FDE238226B5BEBAF3392EE562E2CB7CA8D3EF75983BF5F9D6C7119644
SHA-512: 0B636A3CDEFA343EB4CB228B391BB657B5B4C20DF62889CD1BE44C7BEE94FFAD6EC82DC4DB79949EDEF576BFF57867E0D084E0A597BF7BF5C8E4ED1268477E88
Malicious: false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Reputation: moderate, very likely benign file
Process: C:\Users\user\Desktop\discord.exe
File Type: PE32+ executable (DLL) (console) x86-64, for MS Windows
Category: dropped
Size (bytes): 49488
Entropy (8bit): 6.652691609629867
Encrypted: false
SSDEEP: 768:8EgYXUcHJcUJSDW/tfxL1qBS3hO6nb/TEHEXi9zufUKQXi9zug:8vGS8fZ1eUpreA+zuTc+zug
MD5: BBA9680BC310D8D25E97B12463196C92
SHA1: 9A480C0CF9D377A4CAEDD4EA60E90FA79001F03A
SHA-256: E0B66601CC28ECB171C3D4B7AC690C667F47DA6B6183BFF80604C84C00D265AB
SHA-512: 1575C786AC3324B17057255488DA5F0BC13AD943AC9383656BAF98DB64D4EC6E453230DE4CD26B535CE7E8B7D41A9F2D3F569A0EFF5A84AEB1C2F9D6E3429739
Malicious: false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Reputation: moderate, very likely benign file
Process: C:\Users\user\Desktop\discord.exe
File Type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category: dropped
Size (bytes): 83320
Entropy (8bit): 6.534357225224291
Encrypted: false
SSDEEP: 1536:KouLz7p5TcaWlZkKWVa5cP6T8MsAUxZIgtVt7SyKrPxji2:JuLz9tVaDQMslxZIgtVtozxj/
MD5: 10D42EFAC304861AD19821B4594FA959
SHA1: 1A65F60BBA991BC7E9322AF1E19F193DAE76D77A
SHA-256: 8EECDCC250637652E6BABC306EA6B8820E9E835DDD2434816D0E0FD0CA67FD14
SHA-512: 3F16DBA627A133586E9D1C16D383B9461424D31892278AB984F7E6932A1CDC51445E1BEC017A665BD66C0F2A9BA417387FECC5FDEDE36D67F8343B82A2CEB9AE
Malicious: false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\discord.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):123256
                                                                                                                                                                                                                                      Entropy (8bit):5.999431491646041
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:aBxSn2prY3+52vWqw9RQfLIgRr5kNIgQPUZxhT:acuY3+uWHQfLIIkFT
                                                                                                                                                                                                                                      MD5:DF6BE515E183A0E4DBE9CDDA17836664
                                                                                                                                                                                                                                      SHA1:A5E8796189631C1AACA6B1C40BC5A23EB20B85DB
                                                                                                                                                                                                                                      SHA-256:AF598AE52DDC6869F24D36A483B77988385A5BBBF4618B2E2630D89D10A107EE
                                                                                                                                                                                                                                      SHA-512:B3F23530DE7386CC4DCF6AD39141240E56D36322E3D4041E40D69D80DD529D1F8EF5F65B55CDCA9641E378603B5252ACFE5D50F39F0C6032FD4C307F73EF9253
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\discord.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):251768
                                                                                                                                                                                                                                      Entropy (8bit):6.5390336301750915
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:6144:3Zu25e1itIj95vlqyhw+H8DOdKd2vk6LhKwwI9qWM53pLW1AxzwhtTYW3iQ:Jhe1oIj7vlpN8D0KA3swwJ/wzTYWf
                                                                                                                                                                                                                                      MD5:A1FFC2A156E9266932C351A88E5E7FAB
                                                                                                                                                                                                                                      SHA1:EBFC901C28035264FBB5B0F30E68AB3B45410D13
                                                                                                                                                                                                                                      SHA-256:B8409829DC4FDE70F38754DE55D3090A1CD52C78FFECE2A08572A58DE3AF294D
                                                                                                                                                                                                                                      SHA-512:74FECAAC362DEFF5139EA8553142BA7E8A7740B757A06EDF16CF4A9320A20E7A1567380BFE2F40A3B7E8508F9715EFEDF27C6C23D2B2FB3ED7664CB81F6D58D9
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\discord.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):63864
                                                                                                                                                                                                                                      Entropy (8bit):6.167124957336244
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:1536:aS8njpHxGkYjEbEJkn8cw6TxIg5Iyv7SyKPxk:InjpHxYJ8w6TxIg5IyvMxk
                                                                                                                                                                                                                                      MD5:F419AC6E11B4138EEA1FE8C86689076A
                                                                                                                                                                                                                                      SHA1:886CDA33FA3A4C232CAA0FA048A08380971E8939
                                                                                                                                                                                                                                      SHA-256:441D32922122E59F75A728CC818F8E50613866A6C3DEC627098E6CC6C53624E2
                                                                                                                                                                                                                                      SHA-512:6B5AA5F5FBC00FB48F49B441801EE3F3214BD07382444569F089EFB02A93CE907F6F4E0DF281BDA81C80F2D6A247B0ADC7C2384A2E484BC7EF43B43C84756D2B
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\discord.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):157560
                                                                                                                                                                                                                                      Entropy (8bit):6.834915161510991
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:jlirS97HrdVmEkGCm5heznf49mNo2OOvJ72ZIge1z7axC:jlirG0EkT7AYO2OQSE
                                                                                                                                                                                                                                      MD5:3230404A7191C6228A8772D3610E49E5
                                                                                                                                                                                                                                      SHA1:4E8E36C89B4FF440DDFF9A5B084B262C9B2394EC
                                                                                                                                                                                                                                      SHA-256:33AE42F744D2688BB7D5519F32FF7B7489B96F4EEA47F66D2009DBA6A0023903
                                                                                                                                                                                                                                      SHA-512:6ECCE0C8E8B3D42275D486E8FF495E81E36ADAAACAAA3DB37844E204FCDAA6D89CB3D81C43D9E16D938CD8B6671B8800FE74A1E723A9187B0566A8F3C39D5D5B
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\discord.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):31096
                                                                                                                                                                                                                                      Entropy (8bit):6.359436989118125
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:768:o+yFs6rXkmk5sNIg7UOYiSyvqdPxWEpnl:o+wNXkP5sNIg7UO7SySdPx7l
                                                                                                                                                                                                                                      MD5:045EF55136B1E580582199B3399267A2
                                                                                                                                                                                                                                      SHA1:DE54519C67A996D0A8B4164417058F4610A57376
                                                                                                                                                                                                                                      SHA-256:39BD456267FE228A505EF4E9C8D28F948DD65123CB4D48B77DA51910013FA582
                                                                                                                                                                                                                                      SHA-512:7B764FDC92BF10EB05BDD4116A549DE67F0FA92F807D8B0ECA9D718361C546DBEC16EA68EF8DDEC1C417530C6EB234C657E45F8C522852AB1BD7CB21976DAD1C
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\discord.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):78208
                                                                                                                                                                                                                                      Entropy (8bit):6.237216760115608
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:1536:/2JlcAdpEVuji9/s+S+pmGQRivVia3iNIgQw97Sy2Pxe:/27ce+uji9/sT+pmGdvVp3iNIgQw9cxe
                                                                                                                                                                                                                                      MD5:0FC65EC300553D8070E6B44B9B23B8C0
                                                                                                                                                                                                                                      SHA1:F8DB6AF578CF417CFCDDB2ED798C571C1ABD878F
                                                                                                                                                                                                                                      SHA-256:360744663FCE8DEC252ABBDA1168F470244FDB6DA5740BB7AB3171E19106E63C
                                                                                                                                                                                                                                      SHA-512:CBA375A815DB973B4E8BABDA951D1A4CA90A976E9806E9A62520A0729937D25DE8E600E79A7A638D77DF7F47001D8F884E88EE4497BD1E05C1DAE6FA67FB3DD8
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\discord.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):159616
                                                                                                                                                                                                                                      Entropy (8bit):5.995615055409981
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:EFrIQQey4VWR98w/PQQcXobuO0rGxn+SQOXLkd1ItS+Q8YuAfxZIgt7YZx:0EeRV29//4QcCuO7nyvx
                                                                                                                                                                                                                                      MD5:93905020F4158C5119D16EE6792F8057
                                                                                                                                                                                                                                      SHA1:EB613C31F26ED6D80681815193FFAFDF30314A07
                                                                                                                                                                                                                                      SHA-256:D9CC4358D9351FED11EEC03753A8FA8ED981A6C2246BBD7CB0B0A3472C09FDC4
                                                                                                                                                                                                                                      SHA-512:0DE43B4FAFDD39EAAFF6CAB613708D56B697C0C17505E4132D652FB3F878C2114F5E682745A41219193C75E783AEDE524685B77BD31620F8AFE9C7B250F92609
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\discord.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):23936
                                                                                                                                                                                                                                      Entropy (8bit):6.534526451093787
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:384:ofwFpEWx6TfQZIgewfAIYiSy1pCQwpxPxh8E9VF0Ny82e:oqpEHjQZIgewxYiSyvIPxWEuV
                                                                                                                                                                                                                                      MD5:13CC10D148B921F68E218DD912CC6EE4
                                                                                                                                                                                                                                      SHA1:930CEF88B581FB4D1B88FBDBAF64D34EFA582F90
                                                                                                                                                                                                                                      SHA-256:D17E20063243A71B4331C7A8902451C6911FD87475EC918633C6388D6155CE52
                                                                                                                                                                                                                                      SHA-512:8AF81D78A778875E63F99D7434724D772147DA7EC07B88FB7094C9DCD02B86D08CE2BB3D3EE94D8C62156D2BF8331562B8C91B5E36A1278B64D0B6FD7EFF45E6
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\discord.exe
                                                                                                                                                                                                                                      File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):1437281
                                                                                                                                                                                                                                      Entropy (8bit):5.590853297284865
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:24576:mQR5pATt7xm4lUKdcubgAnyfbTD0iwhBdYf9P3sGHH0:mQR5pQxmfjW
                                                                                                                                                                                                                                      MD5:9DC12EA9F7821873DA74C772ABB280F0
                                                                                                                                                                                                                                      SHA1:3F271C9F54BC7740B95EAA20DEBBD156EBD50760
                                                                                                                                                                                                                                      SHA-256:C5EC59385BFAC2A0AC38ABF1377360CD1FDDD05C31F8A8B4E44252E0E63ACB10
                                                                                                                                                                                                                                      SHA-512:A3175C170BBB28C199AB74AD3116E71F03F124D448BF0E9DD4AFCACDC08A7A52284CF858CFD7E72D35BD1E68C6BA0C2A1A0025199AEB671777977EA53E1F2535
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\discord.exe
                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):299427
                                                                                                                                                                                                                                      Entropy (8bit):6.047872935262006
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:6144:QW1x/M8fRR1jplkXURrVADwYCuCigT/QRSRqNb7d8iu5Nahx:QWb/TRJLWURrI5RWavdF08/
                                                                                                                                                                                                                                      MD5:50EA156B773E8803F6C1FE712F746CBA
                                                                                                                                                                                                                                      SHA1:2C68212E96605210EDDF740291862BDF59398AEF
                                                                                                                                                                                                                                      SHA-256:94EDEB66E91774FCAE93A05650914E29096259A5C7E871A1F65D461AB5201B47
                                                                                                                                                                                                                                      SHA-512:01ED2E7177A99E6CB3FBEF815321B6FA036AD14A3F93499F2CB5B0DAE5B713FD2E6955AA05F6BDA11D80E9E0275040005E5B7D616959B28EFC62ABB43A3238F0
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\discord.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):10752
                                                                                                                                                                                                                                      Entropy (8bit):4.8208567868970675
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:96:Y0fK74ACb0xx2uKynu10YLsgxwJiUNiL0U5IZsJFPGDtCFuCQAAZWQcX6g8H4a81:gFCk2z1/t12iwU5usJFKCyHcqgg
                                                                                                                                                                                                                                      MD5:CBF62E25E6E036D3AB1946DBAFF114C1
                                                                                                                                                                                                                                      SHA1:B35F91EAF4627311B56707EF12E05D6D435A4248
                                                                                                                                                                                                                                      SHA-256:06032E64E1561251EA3035112785F43945B1E959A9BF586C35C9EA1C59585C37
                                                                                                                                                                                                                                      SHA-512:04B694D0AE99D5786FA19F03C5B4DD8124C4F9144CFE7CA250B48A3C0DE0883E06A6319351AE93EA95B55BBBFA69525A91E9407478E40AD62951F1D63D45FF18
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\discord.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):121344
                                                                                                                                                                                                                                      Entropy (8bit):5.899699901799497
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:3Ives1m094QtwqlaZTwuQMS/Pf+vGTVmEU:3PsQIJmE
                                                                                                                                                                                                                                      MD5:BAC273806F46CFFB94A84D7B4CED6027
                                                                                                                                                                                                                                      SHA1:773FBC0435196C8123EE89B0A2FC4D44241FF063
                                                                                                                                                                                                                                      SHA-256:1D9ABA3FF1156EA1FBE10B8AA201D4565AE6022DAF2117390D1D8197B80BB70B
                                                                                                                                                                                                                                      SHA-512:EAEC1F072C2C0BC439AC7B4E3AEA6E75C07BD4CD2D653BE8500BBFFE371FBFE045227DAEAD653C162D972CCAADFF18AC7DA4D366D1200618B0291D76E18B125C
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\discord.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):3441504
                                                                                                                                                                                                                                      Entropy (8bit):6.097985120800337
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:49152:8TKuk2CQIU6iV9OjPWgBqIVRIaEv5LY/RnQ2ETEvrPnkbsYNPsNwsML1CPwDv3u6:Vv+KRi5KsEKsY+NwsG1CPwDv3uFfJu
                                                                                                                                                                                                                                      MD5:6F4B8EB45A965372156086201207C81F
                                                                                                                                                                                                                                      SHA1:8278F9539463F0A45009287F0516098CB7A15406
                                                                                                                                                                                                                                      SHA-256:976CE72EFD0A8AEEB6E21AD441AA9138434314EA07F777432205947CDB149541
                                                                                                                                                                                                                                      SHA-512:2C5C54842ABA9C82FB9E7594AE9E264AC3CBDC2CC1CD22263E9D77479B93636799D0F28235AC79937070E40B04A097C3EA3B7E0CD4376A95ED8CA90245B7891F
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\discord.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):38232
                                                                                                                                                                                                                                      Entropy (8bit):6.57967863494938
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:768:4iQfxQemQJNrPN+mGyijAeYiSyvOPxWESW7t:YfxIQvPkmGyijj7SymPxlp
                                                                                                                                                                                                                                      MD5:D86A9D75380FAB7640BB950AEB05E50E
                                                                                                                                                                                                                                      SHA1:1C61AAF9022CD1F09A959F7B2A65FB1372D187D7
                                                                                                                                                                                                                                      SHA-256:68FBA9DD89BFAD35F8FD657B9AF22A8AEBDA31BFFDA35058A7F5AE376136E89B
                                                                                                                                                                                                                                      SHA-512:18437E64061221BE411A1587F634B4B8EFA60E661DBC35FD96A6D0E7EFF812752DE0ADA755C01F286EFEFC47FB5F2DAF07953B4CFC4119121B6BEE7756C88D0F
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\discord.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):702816
                                                                                                                                                                                                                                      Entropy (8bit):5.547832370836076
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:12288:UUnBMlBGdU/t0voUYHgqRJd7a7+JLvrfX7bOI8Fp0D6WuHU2lvzR:UN/t0vMnffOI8Fp0D6TU2lvzR
                                                                                                                                                                                                                                      MD5:8769ADAFCA3A6FC6EF26F01FD31AFA84
                                                                                                                                                                                                                                      SHA1:38BAEF74BDD2E941CCD321F91BFD49DACC6A3CB6
                                                                                                                                                                                                                                      SHA-256:2AEBB73530D21A2273692A5A3D57235B770DAF1C35F60C74E01754A5DAC05071
                                                                                                                                                                                                                                      SHA-512:FAC22F1A2FFBFB4789BDEED476C8DAF42547D40EFE3E11B41FADBC4445BB7CA77675A31B5337DF55FDEB4D2739E0FB2CBCAC2FEABFD4CD48201F8AE50A9BD90B
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\discord.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):67072
                                                                                                                                                                                                                                      Entropy (8bit):5.909456553599775
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:1536:j3sHmR02IvVxv7WCyKm7c5Th4JBHTOvyyaZE:jnIvryCyKx5Th4J5OvyyO
                                                                                                                                                                                                                                      MD5:49AC12A1F10AB93FAFAB064FD0523A63
                                                                                                                                                                                                                                      SHA1:3AD6923AB0FB5D3DD9D22ED077DB15B42C2FBD4F
                                                                                                                                                                                                                                      SHA-256:BA033B79E858DBFCBA6BF8FB5AFE10DEFD1CB03957DBBC68E8E62E4DE6DF492D
                                                                                                                                                                                                                                      SHA-512:1BC0F50E0BB0A9D9DDDAD31390E5C73B0D11C2B0A8C5462065D477E93FF21F7EDC7AA2B2B36E478BE0A797A38F43E3FBEB6AAABEF0BADEC1D8D16EB73DF67255
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\discord.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):631296
                                                                                                                                                                                                                                      Entropy (8bit):6.203979773542914
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:12288:1pE0yRzkaywctjdcg7fUoPM5pSOnE7G1:Cctjdcg7fUoPM5pSOnq
                                                                                                                                                                                                                                      MD5:892A73390C93223518B1A7B5624F77D7
                                                                                                                                                                                                                                      SHA1:9D02DEBA198F6FE4BE2FE429DA3556F9ED3AAB33
                                                                                                                                                                                                                                      SHA-256:AD11E98C0EF951AC6E4AFD608D6BB2E7758157B838EE865F7499118A7E85E647
                                                                                                                                                                                                                                      SHA-512:59B14B40F1B00A0C61884157EB37EE29C8BD3D9D20CCF2C2BB7BE75BFBABAFE6CAA6B5F15BDA82701C077A7E4EAB4A8895BD44425DFBA783C33639E167CDF836
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\discord.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):65912
                                                                                                                                                                                                                                      Entropy (8bit):6.084559408369445
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:768:xw/EsYpkVgBaz57kcDA7QKFmpz7cnzH/ks/KF61xubwmB1Cf//yhC74JFmpktJS7:O/5k8cnzeJ4NIgQ0D7SyVPx5
                                                                                                                                                                                                                                      MD5:7FEB3DA304A2FEAD0BB07D06C6C6A151
                                                                                                                                                                                                                                      SHA1:EE4122563D9309926BA32BE201895D4905D686CE
                                                                                                                                                                                                                                      SHA-256:DDD2C77222E2C693EF73D142422D6BF37D6A37DEEAD17E70741B0AC5C9FE095B
                                                                                                                                                                                                                                      SHA-512:325568BCF1835DD3F454A74012F5D7C6877496068AD0C2421BF65E0640910AE43B06E920F4D0024277EEE1683F0CE27959843526D0070683DA0C02F1EAC0E7D2
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\discord.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):5761912
                                                                                                                                                                                                                                      Entropy (8bit):6.088523424589967
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:98304:qvpgHup+dhRXLPw3W47SrSUHfMWdPrjUOYmIF:qvpgHup+XJrYWYWdjUOYmU
                                                                                                                                                                                                                                      MD5:A72993488CECD88B3E19487D646F88F6
                                                                                                                                                                                                                                      SHA1:5D359F4121E0BE04A483F9AD1D8203FFC958F9A0
                                                                                                                                                                                                                                      SHA-256:AA1E959DCFF75A343B448A797D8A5A041EB03B27565A30F70FD081DF7A285038
                                                                                                                                                                                                                                      SHA-512:C895176784B9AC89C9B996C02EC0D0A3F7CD6EBF653A277C20DEC104DA6A11DB084C53DD47C7B6653A448D877AD8E5E79C27DB4EA6365EBB8CA2A78AA9C61B38
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\discord.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):670208
                                                                                                                                                                                                                                      Entropy (8bit):6.035999626973864
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:12288:ngSkceIv3zBJBQoXNi4LCQqAOffa1tpd5g:gSkc/v3zB9NiEWfa
                                                                                                                                                                                                                                      MD5:31C1BF2ACA5DF417F6CE2618C3EEFE7E
                                                                                                                                                                                                                                      SHA1:4C2F7FE265FF28396D03BA0CAB022BBD1785DBF2
                                                                                                                                                                                                                                      SHA-256:1DAF7C87B48554F1481BA4431102D0429704832E42E3563501B1FFDD3362FCD1
                                                                                                                                                                                                                                      SHA-512:5723145F718CC659ADD658BA545C5D810E7032842907BAB5C2335E3DE7F20FE69B58AA42512FD67EA8C6AA133E59E0C26BD90700BDD0D0171AF6C1E1C73A2719
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\discord.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):134656
                                                                                                                                                                                                                                      Entropy (8bit):5.999117329459055
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:kLcVKY3tOSjPenBttgY/r06Yr27vJmxETaTX7wevxJ:kLcVKY3tOWPxY/rkqzJmxEmTXMev
                                                                                                                                                                                                                                      MD5:5D67ABF69A8939D13BEFB7DE9889B253
                                                                                                                                                                                                                                      SHA1:BCBBF88C05732D4E1E3811FD312425C1C92018D1
                                                                                                                                                                                                                                      SHA-256:615EB8A75F9ED9371A59DA8F31E27EE091C013DB0B9164A5124CA0656EA47CB4
                                                                                                                                                                                                                                      SHA-512:FA34EB05996C41F23524A8B4F1FAED0BDD41224D8E514AA57D568A55D2044C32798C1357F22C72AD79FD02948CAAD89B98B8E9B0AD2927E4A0169739335271CE
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\discord.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:modified
                                                                                                                                                                                                                                      Size (bytes):29056
                                                                                                                                                                                                                                      Entropy (8bit):6.492672207841723
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:384:Ag1ecReJK4HquuI7A70RUZNIg7GXIYiSy1pCQm3MnfPxh8E9VF0NyyRt:AseUeJRHqgbGNIg7GYYiSyvwMfPxWEo
                                                                                                                                                                                                                                      MD5:116335EBC419DD5224DD9A4F2A765467
                                                                                                                                                                                                                                      SHA1:482EF3D79BFD6B6B737F8D546CD9F1812BD1663D
                                                                                                                                                                                                                                      SHA-256:813EEDE996FC08E1C9A6D45AAA4CBAE1E82E781D69885680A358B4D818CFC0D4
                                                                                                                                                                                                                                      SHA-512:41DC7FACAB0757ED1E286AE8E41122E09738733AD110C2918F5E2120DFB0DBFF0DAEFCAD2BFFD1715B15B44C861B1DD7FB0D514983DB50DDC758F47C1B9B3BF3
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\discord.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):1139576
                                                                                                                                                                                                                                      Entropy (8bit):5.430913356361142
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:12288:g32YbfjwR6nbVonRiPDjRrO5184EPYPx++ZiLKGZ5KXyVH4eD1ub:gGYbM00IDJcjEwPgPOG6Xyd461ub
                                                                                                                                                                                                                                      MD5:CDB5F373D24ADCEB4DC4FA1677757F0C
                                                                                                                                                                                                                                      SHA1:AF6B381EED65D244C57129346008EC8532BA336B
                                                                                                                                                                                                                                      SHA-256:175C4CB528F1AC4E285C575CC3F5E85EC4B3AE88860210B5D795B580C7F0B5D9
                                                                                                                                                                                                                                      SHA-512:429A326648C761BF068CA7735094644F532D631CF9355C9F1A5743A5791837A36CD6AA2EFE2265C7541FEB06310D0C07B634DD04438D8EDDBDF1C4147938A868
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\discord.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):14848
                                                                                                                                                                                                                                      Entropy (8bit):5.113812591033072
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:192:rCm72PEO1jIUs0YqEcPbF55UgCWV4rofnDPdRD0hvHvcqvn7ycIt/G/:rardA0Bzx14r6nDrOhv+O/
                                                                                                                                                                                                                                      MD5:B58CA169FDCFFAB726391D3906DD9A4E
                                                                                                                                                                                                                                      SHA1:C4BB8DA84A5D9C31D0ACB7A4127F55E696F414DF
                                                                                                                                                                                                                                      SHA-256:1A8DCDBD730166889C03FAF285DC1DD9F16090DFE81043D80A9D6308300EBAC9
                                                                                                                                                                                                                                      SHA-512:AA23DEBF80D89A40677D1BF1C7C6C3445A79E76419865B86D0D6A605656478067EBEA2752348FCF77D583D2E5DCD284DA7F55F751D6441E647565DA77F982966
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\discord.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):133120
                                                                                                                                                                                                                                      Entropy (8bit):5.849201651779307
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:znvpE3JJ/Q7DspOCQUUU40Oc3lRVFhLaNzvBii7qQvmwCoY9LQPe:T4xG4pOCQUUU4rWlRVgv5qQSoY9
                                                                                                                                                                                                                                      MD5:D02300D803850C3B0681E16130FECEE4
                                                                                                                                                                                                                                      SHA1:6411815E2A908432A640719ECFE003B43BBBA35C
                                                                                                                                                                                                                                      SHA-256:B938C8CD68B15EC62F053045A764D8DD38162A75373B305B4CF1392AC05DF5F9
                                                                                                                                                                                                                                      SHA-512:6FAD1836614869AB3BB624BDA9943CEAF9E197B17CA4F4FFE78699492B72F95EEE02AE1BB07C0508438956BEF10CC1E656DDF75D0EDC9EF71A3860AF39075564
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\discord.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):23552
                                                                                                                                                                                                                                      Entropy (8bit):5.281874510289411
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:384:9eeH8ZmV+zknwMswDuVQO0T8DmMel2/QEVR7AWCq5yn9ukF1B3:N+zi/uVQ1Q/QEVR1NUpB
                                                                                                                                                                                                                                      MD5:965E9833F4CD7A45C2C1EE85EFC2DA3B
                                                                                                                                                                                                                                      SHA1:3C6888194AD30E17DC5EEA7418133A541BCDDF07
                                                                                                                                                                                                                                      SHA-256:5ECD0274DC220312824BB3086B3E129E38A9DCB06913A2F6173A94DC256BF4C5
                                                                                                                                                                                                                                      SHA-512:F8C4E0C82A8229B3BDB897B536EE73B5D2A9A2810B73DCC77C880961A9A16E43746234A108A9A15BF18638FCFB3086E0F5EEFD85D5BF6F799718DC6F199C4A26
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\discord.exe
                                                                                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):4
                                                                                                                                                                                                                                      Entropy (8bit):2.0
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:qn:qn
                                                                                                                                                                                                                                      MD5:3F1D1D8D87177D3D8D897D7E421F84D6
                                                                                                                                                                                                                                      SHA1:DD082D742A5CB751290F1DB2BD519C286AA86D95
                                                                                                                                                                                                                                      SHA-256:F02285FB90ED8C81531FE78CF4E2ABB68A62BE73EE7D317623E2C3E3AEFDFFF2
                                                                                                                                                                                                                                      SHA-512:2AE2B3936F31756332CA7A4B877D18F3FCC50E41E9472B5CD45A70BEA82E29A0FA956EE6A9EE0E02F23D9DB56B41D19CB51D88AAC06E9C923A820A21023752A9
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:blat
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\discord.exe
                                                                                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):176
                                                                                                                                                                                                                                      Entropy (8bit):4.713840781302666
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:S3yE25MOWrYXtHVE/DRFrgm5/gvJgXDLAUDA+ERo6+aEYqVS1f6gq1WGgVSBn:S3mSOWWHVUDjrgmxgRgzLXDA6Va8VeuR
                                                                                                                                                                                                                                      MD5:8C7CA775CF482C6027B4A2D3DB0F6A31
                                                                                                                                                                                                                                      SHA1:E3596A87DD6E81BA7CF43B0E8E80DA5BC823EA1A
                                                                                                                                                                                                                                      SHA-256:52C72CF96B12AE74D84F6C049775DA045FAE47C007DC834CA4DAC607B6F518EA
                                                                                                                                                                                                                                      SHA-512:19C7D229723249885B125121B3CC86E8C571360C1FB7F2AF92B251E6354A297B4C2B9A28E708F2394CA58C35B20987F8B65D9BD6543370F063BBD59DB4A186AC
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:# Generated file - this directory may be deleted to reset the COM cache.....import win32com..if __path__[:-1] != win32com.__gen_path__: __path__.append(win32com.__gen_path__)..
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\discord.exe
                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):10
                                                                                                                                                                                                                                      Entropy (8bit):2.7219280948873625
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:qW6:qW6
                                                                                                                                                                                                                                      MD5:2C7344F3031A5107275CE84AED227411
                                                                                                                                                                                                                                      SHA1:68ACAD72A154CBE8B2D597655FF84FD31D57C43B
                                                                                                                                                                                                                                      SHA-256:83CDA9FECC9C008B22C0C8E58CBCBFA577A3EF8EE9B2F983ED4A8659596D5C11
                                                                                                                                                                                                                                      SHA-512:F58362C70A2017875D231831AE5868DF22D0017B00098A28AACB5753432E8C4267AA7CBF6C5680FEB2DC9B7ABADE5654C3651685167CC26AA208A9EB71528BB6
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:..K....}..
                                                                                                                                                                                                                                      File type:PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                      Entropy (8bit):7.996735013778768
                                                                                                                                                                                                                                      TrID:
                                                                                                                                                                                                                                      • Win64 Executable (generic) (12005/4) 74.95%
                                                                                                                                                                                                                                      • Generic Win/DOS Executable (2004/3) 12.51%
                                                                                                                                                                                                                                      • DOS Executable Generic (2002/1) 12.50%
                                                                                                                                                                                                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.04%
                                                                                                                                                                                                                                      File name:discord.exe
                                                                                                                                                                                                                                      File size:11'872'129 bytes
                                                                                                                                                                                                                                      MD5:92381e1c521ac985474c86f52e81d648
                                                                                                                                                                                                                                      SHA1:889d8f03e2e854dd7164e4c35e444bc01a817361
                                                                                                                                                                                                                                      SHA256:fc488eb00b7ffa0e01c915d9700229a78b1311918ec8e1961764ef0b3624e061
                                                                                                                                                                                                                                      SHA512:2f7c6573573b6c0d1f2f62d28cd014bd80420839ad3a7b704a90fa224c00ec0baf80c48c8f1aae76db715743b7649c93a84f298263fa30bddc8c23c8e7281bdd
                                                                                                                                                                                                                                      SSDEEP:196608:EV1Z2azjvj8p5drY+zg+oqiJFdQmR5dA6leJuErSEEJwlCfFshhnPM9ks8nYIk:EVlj87dtFDMdQ2li+9JUJhhbYIk
                                                                                                                                                                                                                                      TLSH:33C6337691A378D5C15F41B0C19AC6A078A0FE7413F1743C07E90BBA6F9BAB46F7A481
                                                                                                                                                                                                                                      Icon Hash:4a464cd47461e179
                                                                                                                                                                                                                                      Entrypoint:0x1400010f6
                                                                                                                                                                                                                                      Entrypoint Section:.text
                                                                                                                                                                                                                                      Digitally signed:false
                                                                                                                                                                                                                                      Imagebase:0x140000000
                                                                                                                                                                                                                                      Subsystem:windows gui
                                                                                                                                                                                                                                      Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, DEBUG_STRIPPED
                                                                                                                                                                                                                                      DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
                                                                                                                                                                                                                                      Time Stamp:0x6754DC41 [Sat Dec 7 23:37:37 2024 UTC]
                                                                                                                                                                                                                                      TLS Callbacks:0x4000dab0, 0x1, 0x4000db70, 0x1
                                                                                                                                                                                                                                      CLR (.Net) Version:
                                                                                                                                                                                                                                      OS Version Major:4
                                                                                                                                                                                                                                      OS Version Minor:0
                                                                                                                                                                                                                                      File Version Major:4
                                                                                                                                                                                                                                      File Version Minor:0
                                                                                                                                                                                                                                      Subsystem Version Major:4
                                                                                                                                                                                                                                      Subsystem Version Minor:0
                                                                                                                                                                                                                                      Import Hash:cf8ad0ecdb3ba4aa29003f793248ec72
                                                                                                                                                                                                                                      Instruction
                                                                                                                                                                                                                                      push ebp
                                                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                                                      mov ebp, esp
                                                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                                                      sub esp, 30h
                                                                                                                                                                                                                                      mov dword ptr [ebp-04h], 000000FFh
                                                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                                                      mov eax, dword ptr [000206F4h]
                                                                                                                                                                                                                                      mov dword ptr [eax], 00000001h
                                                                                                                                                                                                                                      call 00007FF464F401C2h
                                                                                                                                                                                                                                      mov dword ptr [ebp-04h], eax
                                                                                                                                                                                                                                      nop
                                                                                                                                                                                                                                      nop
                                                                                                                                                                                                                                      mov eax, dword ptr [ebp-04h]
                                                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                                                      add esp, 30h
                                                                                                                                                                                                                                      pop ebp
                                                                                                                                                                                                                                      ret
                                                                                                                                                                                                                                      push ebp
                                                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                                                      mov ebp, esp
                                                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                                                      sub esp, 30h
                                                                                                                                                                                                                                      mov dword ptr [ebp-04h], 000000FFh
                                                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                                                      mov eax, dword ptr [000206C5h]
                                                                                                                                                                                                                                      mov dword ptr [eax], 00000000h
                                                                                                                                                                                                                                      call 00007FF464F40193h
                                                                                                                                                                                                                                      mov dword ptr [ebp-04h], eax
                                                                                                                                                                                                                                      nop
                                                                                                                                                                                                                                      nop
                                                                                                                                                                                                                                      mov eax, dword ptr [ebp-04h]
                                                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                                                      add esp, 30h
                                                                                                                                                                                                                                      pop ebp
                                                                                                                                                                                                                                      ret
                                                                                                                                                                                                                                      push ebp
                                                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                                                      mov ebp, esp
                                                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                                                      sub esp, 70h
                                                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                                                      mov dword ptr [ebp-10h], 00000000h
                                                                                                                                                                                                                                      mov dword ptr [ebp-1Ch], 00000030h
                                                                                                                                                                                                                                      mov eax, dword ptr [ebp-1Ch]
                                                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                                                      mov eax, dword ptr [eax]
                                                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                                                      mov dword ptr [ebp-28h], eax
                                                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                                                      mov eax, dword ptr [ebp-28h]
                                                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                                                      mov eax, dword ptr [eax+08h]
                                                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                                                      mov dword ptr [ebp-18h], eax
                                                                                                                                                                                                                                      mov dword ptr [ebp-04h], 00000000h
                                                                                                                                                                                                                                      jmp 00007FF464F401A3h
                                                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                                                      mov eax, dword ptr [ebp-10h]
                                                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                                                      cmp eax, dword ptr [ebp-18h]
                                                                                                                                                                                                                                      jne 00007FF464F4018Bh
                                                                                                                                                                                                                                      mov dword ptr [ebp-04h], 00000001h
                                                                                                                                                                                                                                      jmp 00007FF464F401C7h
                                                                                                                                                                                                                                      mov ecx, 000003E8h
                                                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                                                      mov eax, dword ptr [0002853Eh]
                                                                                                                                                                                                                                      call eax
                                                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                                                      mov eax, dword ptr [0002069Dh]
                                                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                                                      mov dword ptr [ebp-30h], eax
                                                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                                                      mov eax, dword ptr [ebp-18h]
                                                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                                                      mov dword ptr [ebp+00h], eax

Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x29000 | 0x15fc | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x2d000 | 0xf41c | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x25000 | 0xf6c | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x3d000 | 0x13c | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x20a60 | 0x28 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x29580 | 0x4f0 | .idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x183c8 | 0x18400 | 616d6c6e51c5e392d4ec9a3ff55d8079 | False | 0.444164787371134 | data | 6.169519932682489 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data | 0x1a000 | 0x150 | 0x200 | 0121ce293810747daec3ebac9cc32327 | False | 0.189453125 | data | 1.3863555132737315 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata | 0x1b000 | 0x8200 | 0x8200 | 23c563a29a4a256b26cd20c230b9aa44 | False | 0.48115985576923076 | data | 6.585400510346943 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
/4 | 0x24000 | 0x4 | 0x200 | bf619eac0cdf3f68d496ea9344137e8b | False | 0.02734375 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x25000 | 0xf6c | 0x1000 | 68aa1eabf500d997f09cbe9273da2d29 | False | 0.47412109375 | data | 5.06511475769715 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.xdata | 0x26000 | 0xfc4 | 0x1000 | faa06eeea841bc050055ea29bac6cbc1 | False | 0.25390625 | shared library | 4.378695124603942 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.bss | 0x27000 | 0x1ed0 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata | 0x29000 | 0x15fc | 0x1600 | 784cf13538071a0d21100682f50e9e8d | False | 0.33203125 | data | 4.563031060063162 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.CRT | 0x2b000 | 0x60 | 0x200 | d44f86b8c428e457de2de5ea3e40aa46 | False | 0.06640625 | data | 0.29046607431271465 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls | 0x2c000 | 0x10 | 0x200 | bf619eac0cdf3f68d496ea9344137e8b | False | 0.02734375 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x2d000 | 0xf41c | 0xf600 | 4c8f6d330806f9f4616d141f80690999 | False | 0.8030678353658537 | data | 7.55489091318796 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x3d000 | 0x13c | 0x200 | 08adfa9e87cba7e06bbfd839064387ca | False | 0.490234375 | data | 3.5698192923734458 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x2d208 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | | | 0.585820895522388
RT_ICON | 0x2e0b0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | | | 0.7360108303249098
RT_ICON | 0x2e958 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | | | 0.755057803468208
RT_ICON | 0x2eec0 | 0x952c | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9975384937676757
RT_ICON | 0x383ec | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | | | 0.3887966804979253
RT_ICON | 0x3a994 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | | | 0.49530956848030017
RT_ICON | 0x3ba3c | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | | | 0.7207446808510638
RT_GROUP_ICON | 0x3bea4 | 0x68 | data | | | 0.7019230769230769
RT_MANIFEST | 0x3bf0c | 0x50d | XML 1.0 document, ASCII text | | | 0.4694508894044857

DLL | Import
ADVAPI32.dll | ConvertSidToStringSidW, ConvertStringSecurityDescriptorToSecurityDescriptorW, GetTokenInformation, OpenProcessToken
COMCTL32.dll | LoadIconMetric
GDI32.dll | CreateFontIndirectW, DeleteObject, SelectObject
KERNEL32.dll | CloseHandle, CreateDirectoryW, CreateProcessW, CreateSymbolicLinkW, DeleteCriticalSection, EnterCriticalSection, ExpandEnvironmentStringsW, FindClose, FindFirstFileExW, FormatMessageW, FreeLibrary, GetCommandLineW, GetCurrentProcess, GetEnvironmentVariableW, GetExitCodeProcess, GetLastError, GetModuleFileNameW, GetModuleHandleA, GetModuleHandleW, GetProcAddress, GetStartupInfoW, GetTempPathW, InitializeCriticalSection, IsDBCSLeadByteEx, LeaveCriticalSection, LoadLibraryA, LoadLibraryExW, LocalFree, MulDiv, MultiByteToWideChar, SetConsoleCtrlHandler, SetDllDirectoryW, SetEnvironmentVariableW, SetUnhandledExceptionFilter, Sleep, TlsGetValue, VirtualProtect, VirtualQuery, WaitForSingleObject, WideCharToMultiByte, __C_specific_handler
msvcrt.dll | ___lc_codepage_func, ___mb_cur_max_func, __argc, __iob_func, __set_app_type, __setusermatherr, __wargv, __wgetmainargs, __winitenv, _amsg_exit, _cexit, _commode, _errno, _filelengthi64, _fileno, _findclose, _fileno, _fmode, _get_osfhandle, _getpid, _initterm, _lock, _onexit, _snwprintf, _stat64, _strdup, _unlock, _wcmdln, _wcsdup, _wcsdup, _wfindfirst64, _wfindnext64, _wfopen, _wfullpath, _wputenv_s, _wremove, _wrmdir, _wstat64, _wtempnam, abort, calloc, clearerr, exit, fclose, feof, ferror, fflush, fgetpos, fprintf, fputc, fputwc, fread, free, fsetpos, fwprintf, fwrite, iswctype, localeconv, malloc, mbstowcs, memcmp, memcpy, memset, perror, realloc, setlocale, signal, strcat, strchr, strcmp, strcpy, strerror, strlen, strncat, strncmp, strncpy, strtok, strtoul, vfprintf, wcscat, wcschr, wcscmp, wcscpy, wcslen, wcsncpy, wcstombs
USER32.dll | CreateWindowExW, DestroyIcon, DialogBoxIndirectParamW, DrawTextW, EndDialog, GetClientRect, GetDC, GetDialogBaseUnits, GetWindowLongPtrW, InvalidateRect, MessageBoxA, MessageBoxW, MoveWindow, ReleaseDC, SendMessageW, SetWindowLongPtrW, SystemParametersInfoW

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 11, 2024 16:17:30.599334002 CET | 49719 | 443 | 192.168.2.7 | 172.67.74.152
Dec 11, 2024 16:17:30.599396944 CET | 443 | 49719 | 172.67.74.152 | 192.168.2.7
Dec 11, 2024 16:17:30.600326061 CET | 49719 | 443 | 192.168.2.7 | 172.67.74.152
Dec 11, 2024 16:17:30.600326061 CET | 49719 | 443 | 192.168.2.7 | 172.67.74.152
Dec 11, 2024 16:17:30.600382090 CET | 443 | 49719 | 172.67.74.152 | 192.168.2.7
Dec 11, 2024 16:17:31.817205906 CET | 443 | 49719 | 172.67.74.152 | 192.168.2.7
Dec 11, 2024 16:17:31.817842007 CET | 49719 | 443 | 192.168.2.7 | 172.67.74.152
Dec 11, 2024 16:17:31.817867994 CET | 443 | 49719 | 172.67.74.152 | 192.168.2.7
Dec 11, 2024 16:17:31.819225073 CET | 443 | 49719 | 172.67.74.152 | 192.168.2.7
Dec 11, 2024 16:17:31.819298029 CET | 49719 | 443 | 192.168.2.7 | 172.67.74.152
Dec 11, 2024 16:17:31.819890976 CET | 49719 | 443 | 192.168.2.7 | 172.67.74.152
Dec 11, 2024 16:17:31.820049047 CET | 49719 | 443 | 192.168.2.7 | 172.67.74.152
Dec 11, 2024 16:17:31.820050001 CET | 443 | 49719 | 172.67.74.152 | 192.168.2.7
Dec 11, 2024 16:17:31.820103884 CET | 49719 | 443 | 192.168.2.7 | 172.67.74.152

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 11, 2024 16:17:21.095788956 CET | 62619 | 53 | 192.168.2.7 | 1.1.1.1
Dec 11, 2024 16:17:30.457395077 CET | 58463 | 53 | 192.168.2.7 | 1.1.1.1
Dec 11, 2024 16:17:30.594820023 CET | 53 | 58463 | 1.1.1.1 | 192.168.2.7

| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Dec 11, 2024 16:17:21.095788956 CET | 192.168.2.7 | 1.1.1.1 | 0xb6f5 | Standard query (0) | time.windows.com | A (IP address) | IN (0x0001) | false |
| Dec 11, 2024 16:17:30.457395077 CET | 192.168.2.7 | 1.1.1.1 | 0xa61b | Standard query (0) | api.ipify.org | A (IP address) | IN (0x0001) | false |

| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Dec 11, 2024 16:17:21.232934952 CET | 1.1.1.1 | 192.168.2.7 | 0xb6f5 | No error (0) | time.windows.com | twc.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Dec 11, 2024 16:17:22.698993921 CET | 1.1.1.1 | 192.168.2.7 | 0x4fa9 | No error (0) | shed.dual-low.s-part-0035.t-0009.t-msedge.net | s-part-0035.t-0009.t-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Dec 11, 2024 16:17:22.698993921 CET | 1.1.1.1 | 192.168.2.7 | 0x4fa9 | No error (0) | s-part-0035.t-0009.t-msedge.net | | 13.107.246.63 | A (IP address) | IN (0x0001) | false |
| Dec 11, 2024 16:17:30.594820023 CET | 1.1.1.1 | 192.168.2.7 | 0xa61b | No error (0) | api.ipify.org | | 172.67.74.152 | A (IP address) | IN (0x0001) | false |
| Dec 11, 2024 16:17:30.594820023 CET | 1.1.1.1 | 192.168.2.7 | 0xa61b | No error (0) | api.ipify.org | | 104.26.12.205 | A (IP address) | IN (0x0001) | false |
| Dec 11, 2024 16:17:30.594820023 CET | 1.1.1.1 | 192.168.2.7 | 0xa61b | No error (0) | api.ipify.org | | 104.26.13.205 | A (IP address) | IN (0x0001) | false |


Target ID: 0
Start time: 10:17:25
Start date: 11/12/2024
Path: C:\Users\user\Desktop\discord.exe
Wow64 process (32bit): false
Commandline: "C:\Users\user\Desktop\discord.exe"
Imagebase: 0x7ff60a4e0000
File size: 11'872'129 bytes
MD5 hash: 92381E1C521AC985474C86F52E81D648
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: true

Target ID: 2
Start time: 10:17:27
Start date: 11/12/2024
Path: C:\Users\user\Desktop\discord.exe
Wow64 process (32bit): false
Commandline: "C:\Users\user\Desktop\discord.exe"
Imagebase: 0x7ff60a4e0000
File size: 11'872'129 bytes
MD5 hash: 92381E1C521AC985474C86F52E81D648
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_AntiVM_5, Description: Yara detected AntiVM_5, Source: 00000002.00000002.1420000448.00000200A1100000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation: low
Has exited: true


Execution Graph

Execution Coverage: 6.4%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 18.1%
Total number of Nodes: 1170
Total number of Limit Nodes: 16
7ff60a4e86b0 10259->10445 10262 7ff60a4e342f 10260->10262 10266 7ff60a4e3270 6 API calls 10262->10266 10262->10284 10264 7ff60a4e21d0 12 API calls 10264->10284 10265 7ff60a4e34de 10265->9794 10266->10284 10267 7ff60a4e2e60 10 API calls 10270 7ff60a4e3521 10267->10270 10268 7ff60a4e3674 10271 7ff60a4e2e60 10 API calls 10268->10271 10269 7ff60a4e3483 strcmp 10280 7ff60a4e3493 10269->10280 10269->10284 10270->9794 10271->10270 10272 7ff60a4e3270 6 API calls 10272->10284 10273 7ff60a4e34ba strcmp 10275 7ff60a4e34d0 10273->10275 10273->10280 10274 7ff60a4e349d 10274->10265 10281 7ff60a4e2e60 10 API calls 10274->10281 10277 7ff60a4e1d40 65 API calls 10275->10277 10276 7ff60a4e3660 10279 7ff60a4e2e60 10 API calls 10276->10279 10277->10274 10278 7ff60a4e3645 10282 7ff60a4e2e60 10 API calls 10278->10282 10283 7ff60a4e366c 10279->10283 10280->10273 10280->10274 10281->10270 10282->10270 10285 7ff60a4e2210 free 10283->10285 10284->10264 10284->10268 10284->10269 10284->10272 10284->10276 10284->10278 10286 7ff60a4e3240 fputc 10284->10286 10287 7ff60a4e1f90 21 API calls 10284->10287 10288 7ff60a4e36a4 10284->10288 10285->10268 10286->10284 10287->10284 10289 7ff60a4e2e60 10 API calls 10288->10289 10290 7ff60a4e36b3 10289->10290 10291 7ff60a4e2210 free 10290->10291 10291->10268 10293 7ff60a4e859e 10292->10293 10347 7ff60a4e7d30 10293->10347 10298 7ff60a4e85e4 10356 7ff60a4e8480 10298->10356 10299 7ff60a4e8610 10300 7ff60a4e861b 10299->10300 10304 7ff60a4e7e30 15 API calls 10299->10304 10302 7ff60a4e8680 10300->10302 10303 7ff60a4e861f 10300->10303 10306 7ff60a4e2ed0 10 API calls 10302->10306 10370 7ff60a4e2ed0 10303->10370 10308 7ff60a4e8654 10304->10308 10305 7ff60a4e85ef 10309 7ff60a4e1d7c 10305->10309 10311 7ff60a4e4650 11 API calls 10305->10311 10306->10309 10308->10303 10313 7ff60a4e8668 free 10308->10313 10309->10210 10309->10211 10311->10309 10312 7ff60a4e8480 33 API calls 10312->10305 10313->10300 10394 7ff60a4ea920 10314->10394 10316 7ff60a4e1779 10317 7ff60a4e1783 
malloc 10316->10317 10318 7ff60a4e1a58 10316->10318 10319 7ff60a4e1aaf 10317->10319 10320 7ff60a4e1799 malloc 10317->10320 10321 7ff60a4e2e60 10 API calls 10318->10321 10322 7ff60a4e2fe0 11 API calls 10319->10322 10323 7ff60a4e17af 10320->10323 10324 7ff60a4e1a98 10320->10324 10335 7ff60a4e180d 10321->10335 10322->10319 10326 7ff60a4e17d5 fread 10323->10326 10325 7ff60a4e2fe0 11 API calls 10324->10325 10325->10319 10327 7ff60a4e17fd ferror 10326->10327 10331 7ff60a4e1854 10326->10331 10327->10331 10327->10335 10328 7ff60a4e2e60 10 API calls 10330 7ff60a4e1892 10328->10330 10329 7ff60a4e1ad0 10333 7ff60a4e189f free free 10330->10333 10331->10328 10331->10330 10332 7ff60a4e18e7 fwrite 10332->10331 10334 7ff60a4e190f ferror 10332->10334 10333->10228 10334->10331 10334->10335 10335->10326 10335->10329 10335->10331 10335->10332 10337 7ff60a4e1cae 10336->10337 10398 7ff60a4e1b30 10337->10398 10340 7ff60a4e8480 33 API calls 10342 7ff60a4e1cda 10340->10342 10343 7ff60a4e1af0 fputc 10342->10343 10346 7ff60a4e1d19 free 10342->10346 10344 7ff60a4e1d07 10343->10344 10344->10346 10423 7ff60a4e4730 10344->10423 10346->10208 10348 7ff60a4f01e0 fputc 10347->10348 10349 7ff60a4e7d4d 10348->10349 10349->10309 10350 7ff60a4e44c0 10349->10350 10351 7ff60a4e44cb 10350->10351 10352 7ff60a4e9090 10 API calls 10351->10352 10353 7ff60a4e44e4 10352->10353 10375 7ff60a4eff1b 10353->10375 10357 7ff60a4e8490 10356->10357 10358 7ff60a4e7d30 fputc 10357->10358 10359 7ff60a4e84b2 10358->10359 10360 7ff60a4e8569 10359->10360 10361 7ff60a4e7d30 fputc 10359->10361 10360->10305 10362 7ff60a4e84dc 10361->10362 10362->10360 10363 7ff60a4e84e7 strlen 10362->10363 10368 7ff60a4e8504 10363->10368 10364 7ff60a4e8580 10364->10305 10365 7ff60a4e8510 strlen 10365->10360 10366 7ff60a4e8526 strlen strcpy strtok 10365->10366 10366->10364 10366->10368 10367 7ff60a4e44c0 15 API calls 10367->10368 10368->10360 10368->10364 10368->10365 10368->10367 10388 7ff60a4e46f0 10368->10388 10371 7ff60a4f01e0 fputc 
10370->10371 10372 7ff60a4e2f12 10371->10372 10373 7ff60a4e2dc0 10 API calls 10372->10373 10374 7ff60a4e2f27 10373->10374 10374->10312 10382 7ff60a4efd30 10375->10382 10377 7ff60a4eff37 10378 7ff60a4eff64 10377->10378 10379 7ff60a4eff58 free 10377->10379 10380 7ff60a4eff6a memset 10378->10380 10381 7ff60a4e44f1 10378->10381 10379->10378 10380->10381 10381->10298 10381->10299 10383 7ff60a4efd91 10382->10383 10384 7ff60a4efd4f 10382->10384 10383->10377 10384->10383 10385 7ff60a4efd5f wcslen 10384->10385 10385->10383 10387 7ff60a4efd74 10385->10387 10386 7ff60a4efec6 malloc memcpy 10386->10383 10387->10383 10387->10386 10389 7ff60a4e46fb 10388->10389 10390 7ff60a4e9090 10 API calls 10389->10390 10391 7ff60a4e4714 10390->10391 10392 7ff60a4e9210 13 API calls 10391->10392 10393 7ff60a4e471c 10392->10393 10393->10368 10396 7ff60a4ea830 10394->10396 10395 7ff60a4ea893 10395->10316 10396->10395 10397 7ff60a4ea87e malloc 10396->10397 10397->10395 10399 7ff60a4e4650 11 API calls 10398->10399 10400 7ff60a4e1b52 10399->10400 10401 7ff60a4e1b5e 10400->10401 10402 7ff60a4e1c60 10400->10402 10403 7ff60a4f0020 2 API calls 10401->10403 10404 7ff60a4e2e60 10 API calls 10402->10404 10405 7ff60a4e1b70 10403->10405 10406 7ff60a4e1c08 10404->10406 10407 7ff60a4e1c40 10405->10407 10408 7ff60a4e1b78 malloc 10405->10408 10406->10340 10406->10346 10409 7ff60a4e2fe0 11 API calls 10407->10409 10410 7ff60a4e1b91 10408->10410 10411 7ff60a4e1c76 10408->10411 10416 7ff60a4e1ba5 10409->10416 10413 7ff60a4e1c20 10410->10413 10414 7ff60a4e1b9d 10410->10414 10412 7ff60a4e2fe0 11 API calls 10411->10412 10412->10416 10415 7ff60a4e1710 20 API calls 10413->10415 10414->10416 10417 7ff60a4e1bb8 fread 10414->10417 10418 7ff60a4e1c00 fclose 10414->10418 10419 7ff60a4e1c31 10415->10419 10416->10418 10417->10414 10420 7ff60a4e1bdd 10417->10420 10418->10406 10419->10418 10422 7ff60a4e1bf5 free 10419->10422 10421 7ff60a4e2fe0 11 API calls 10420->10421 10421->10422 10422->10416 10424 7ff60a4e473e 10423->10424 
10425 7ff60a4e9090 10 API calls 10424->10425 10426 7ff60a4e475d 10425->10426 10427 7ff60a4e47d0 10426->10427 10428 7ff60a4e9090 10 API calls 10426->10428 10427->10346 10429 7ff60a4e477b 10428->10429 10429->10427 10430 7ff60a4e4780 CreateSymbolicLinkW 10429->10430 10430->10427 10431 7ff60a4e47a6 10430->10431 10431->10427 10432 7ff60a4e47b0 GetLastError 10431->10432 10432->10427 10433 7ff60a4e47bb 10432->10433 10434 7ff60a4e4730 10 API calls 10433->10434 10434->10427 10465 7ff60a4e3240 10435->10465 10437 7ff60a4e32f0 10438 7ff60a4e331d 10437->10438 10439 7ff60a4e3309 strcpy 10437->10439 10438->10247 10438->10270 10439->10438 10441 7ff60a4f01e0 fputc 10440->10441 10442 7ff60a4e32a2 10441->10442 10443 7ff60a4e32b6 10442->10443 10468 7ff60a4efa6a 10442->10468 10443->10258 10443->10259 10446 7ff60a4e86bd 10445->10446 10447 7ff60a4e4650 11 API calls 10446->10447 10448 7ff60a4e86d2 10447->10448 10449 7ff60a4e8590 40 API calls 10448->10449 10450 7ff60a4e86e0 10449->10450 10451 7ff60a4e87a9 10450->10451 10452 7ff60a4e879c 10450->10452 10456 7ff60a4e86f5 10450->10456 10453 7ff60a4e87ae fclose 10451->10453 10454 7ff60a4e350a 10451->10454 10452->10451 10455 7ff60a4e87a1 fclose 10452->10455 10453->10454 10454->10265 10454->10267 10455->10451 10457 7ff60a4e8710 fread 10456->10457 10464 7ff60a4e8771 fclose fclose 10456->10464 10459 7ff60a4e872e ferror 10457->10459 10460 7ff60a4e8748 fwrite 10457->10460 10459->10456 10461 7ff60a4e873a clearerr 10459->10461 10462 7ff60a4e875d ferror 10460->10462 10463 7ff60a4e8769 clearerr 10460->10463 10461->10464 10462->10456 10462->10463 10463->10464 10464->10454 10466 7ff60a4f01e0 fputc 10465->10466 10467 7ff60a4e325d 10466->10467 10467->10437 10475 7ff60a4ef8b0 10468->10475 10470 7ff60a4efa86 10471 7ff60a4efab3 10470->10471 10472 7ff60a4efaa7 free 10470->10472 10473 7ff60a4efada 10471->10473 10474 7ff60a4efab9 memset 10471->10474 10472->10471 10473->10443 10474->10473 10476 7ff60a4ef8cf 10475->10476 10480 7ff60a4ef90e 10475->10480 10477 
7ff60a4ef8de strlen 10476->10477 10476->10480 10478 7ff60a4ef8f3 10477->10478 10477->10480 10479 7ff60a4efa20 malloc memcpy 10478->10479 10478->10480 10479->10480 10480->10470 10481->9818 10482->9817 10484 7ff60a4efba1 10483->10484 10485 7ff60a4efbd5 memcpy 10484->10485 10486 7ff60a4efbb2 memset 10484->10486 10487 7ff60a4e82ee 10485->10487 10486->10487 10487->9832 10488 7ff60a4e83a0 10487->10488 10489 7ff60a4e83ae 10488->10489 10490 7ff60a4e83e0 wcscmp 10489->10490 10491 7ff60a4e83d1 10489->10491 10490->10491 10492 7ff60a4e83f3 wcscat 10490->10492 10491->9835 10493 7ff60a4e8440 _wremove 10492->10493 10494 7ff60a4e840d 10492->10494 10493->10491 10496 7ff60a4e844d Sleep _wremove 10493->10496 10508 7ff60a4e93b0 FindFirstFileExW 10494->10508 10496->10491 10498 7ff60a4e8468 _wrmdir 10498->10491 10499 7ff60a4e8416 10500 7ff60a4e8ec0 13 API calls 10499->10500 10501 7ff60a4e842c 10500->10501 10502 7ff60a4e8260 24 API calls 10501->10502 10502->10491 10504 7ff60a4efc81 10503->10504 10505 7ff60a4efc90 memset 10504->10505 10506 7ff60a4efcb1 memcpy 10504->10506 10507 7ff60a4efd21 10505->10507 10506->10507 10507->9835 10509 7ff60a4e93e4 FindClose 10508->10509 10510 7ff60a4e8412 10508->10510 10509->10510 10510->10498 10510->10499 10512 7ff60a4e62fe 10511->10512 10594 7ff60a4e62c0 10512->10594 10515 7ff60a4e6330 10517 7ff60a4e633f 10515->10517 10520 7ff60a4e4390 4 API calls 10515->10520 10516 7ff60a4e6407 10518 7ff60a4e2e60 10 API calls 10516->10518 10519 7ff60a4e4390 4 API calls 10517->10519 10521 7ff60a4e3c0d 10518->10521 10522 7ff60a4e6354 10519->10522 10523 7ff60a4e63a9 10520->10523 10521->9861 10537 7ff60a4e6450 10521->10537 10525 7ff60a4e6359 10522->10525 10527 7ff60a4e2e60 10 API calls 10522->10527 10524 7ff60a4e63ae 10523->10524 10529 7ff60a4e2e60 10 API calls 10523->10529 10526 7ff60a4e44c0 15 API calls 10524->10526 10597 7ff60a4e87c0 10525->10597 10530 7ff60a4e63b6 10526->10530 10527->10525 10529->10524 10530->10517 10535 7ff60a4e87c0 12 API calls 10530->10535 10531 
7ff60a4e6361 10532 7ff60a4e636d 10531->10532 10533 7ff60a4e6429 10531->10533 10600 7ff60a4e59c0 GetProcAddress 10532->10600 10534 7ff60a4e2f40 10 API calls 10533->10534 10534->10521 10535->10517 10733 7ff60a4e49f0 calloc 10537->10733 10540 7ff60a4e6612 10542 7ff60a4e2e60 10 API calls 10540->10542 10541 7ff60a4e646c 10543 7ff60a4e65c2 10541->10543 10544 7ff60a4e647c 10541->10544 10546 7ff60a4e653d 10542->10546 10545 7ff60a4e2e60 10 API calls 10543->10545 10547 7ff60a4e662e 10544->10547 10548 7ff60a4e648d 10544->10548 10545->10546 10776 7ff60a4e4960 10546->10776 10550 7ff60a4e2e60 10 API calls 10547->10550 10748 7ff60a4e4db0 10548->10748 10550->10546 10553 7ff60a4e64a4 10554 7ff60a4e65da 10553->10554 10555 7ff60a4e64ac 10553->10555 10556 7ff60a4e2e60 10 API calls 10554->10556 10557 7ff60a4e64bf 10555->10557 10558 7ff60a4e65e8 10555->10558 10556->10546 10760 7ff60a4e4ee0 10557->10760 10560 7ff60a4e2e60 10 API calls 10558->10560 10560->10546 10561 7ff60a4e64ca 10562 7ff60a4e64d2 10561->10562 10563 7ff60a4e65f6 10561->10563 10769 7ff60a4e51b0 calloc 10562->10769 10565 7ff60a4e2e60 10 API calls 10563->10565 10565->10546 10567 7ff60a4e64e5 10570 7ff60a4e6620 10567->10570 10571 7ff60a4e64f8 10567->10571 10568 7ff60a4e6604 10569 7ff60a4e2e60 10 API calls 10568->10569 10569->10546 10572 7ff60a4e2e60 10 API calls 10570->10572 10573 7ff60a4e64ff 10571->10573 10574 7ff60a4e656e fflush 10571->10574 10572->10546 10573->10546 10576 7ff60a4e2e60 10 API calls 10573->10576 10575 7ff60a4e657d fflush 10574->10575 10575->10573 10576->10546 10577 7ff60a4e6640 strlen 10578 7ff60a4e667d 10577->10578 10579 7ff60a4e6799 10578->10579 10588 7ff60a4e6689 10578->10588 10580 7ff60a4e2e60 10 API calls 10579->10580 10581 7ff60a4e6770 10580->10581 10581->9859 10582 7ff60a4e6788 10582->9859 10583 7ff60a4e1b30 27 API calls 10583->10588 10584 7ff60a4e6733 10585 7ff60a4e2e60 10 API calls 10584->10585 10589 7ff60a4e6742 free 10585->10589 10587 7ff60a4e66db free 10587->10588 10588->10582 10588->10583 
10588->10584 10588->10587 10589->10581 10591 7ff60a4e6893 10590->10591 10593 7ff60a4e6898 10590->10593 10591->9861 10593->10591 10794 7ff60a4e67b0 strlen 10593->10794 10595 7ff60a4f01e0 fputc 10594->10595 10596 7ff60a4e62e4 10595->10596 10596->10515 10596->10516 10598 7ff60a4e9090 10 API calls 10597->10598 10599 7ff60a4e87d3 LoadLibraryExW free 10598->10599 10599->10531 10601 7ff60a4e5ea6 10600->10601 10602 7ff60a4e59e9 GetProcAddress 10600->10602 10603 7ff60a4e2f40 10 API calls 10601->10603 10604 7ff60a4e5a05 GetProcAddress 10602->10604 10605 7ff60a4e5edc 10602->10605 10609 7ff60a4e5e9d 10603->10609 10606 7ff60a4e5a21 GetProcAddress 10604->10606 10607 7ff60a4e5ec7 10604->10607 10608 7ff60a4e2f40 10 API calls 10605->10608 10611 7ff60a4e5a3d GetProcAddress 10606->10611 10612 7ff60a4e5f06 10606->10612 10610 7ff60a4e2f40 10 API calls 10607->10610 10608->10609 10609->10521 10610->10609 10613 7ff60a4e5ef1 10611->10613 10614 7ff60a4e5a59 GetProcAddress 10611->10614 10615 7ff60a4e2f40 10 API calls 10612->10615 10618 7ff60a4e2f40 10 API calls 10613->10618 10616 7ff60a4e5a75 GetProcAddress 10614->10616 10617 7ff60a4e5f48 10614->10617 10615->10609 10620 7ff60a4e5a91 GetProcAddress 10616->10620 10621 7ff60a4e5f30 10616->10621 10619 7ff60a4e2f40 10 API calls 10617->10619 10618->10609 10619->10609 10623 7ff60a4e5f1b 10620->10623 10624 7ff60a4e5aad GetProcAddress 10620->10624 10622 7ff60a4e2f40 10 API calls 10621->10622 10622->10609 10625 7ff60a4e2f40 10 API calls 10623->10625 10626 7ff60a4e5f60 10624->10626 10627 7ff60a4e5ac9 GetProcAddress 10624->10627 10625->10609 10628 7ff60a4e2f40 10 API calls 10626->10628 10629 7ff60a4e5ae5 GetProcAddress 10627->10629 10630 7ff60a4e5fc0 10627->10630 10628->10609 10632 7ff60a4e5b01 GetProcAddress 10629->10632 10633 7ff60a4e5fa8 10629->10633 10631 7ff60a4e2f40 10 API calls 10630->10631 10631->10609 10635 7ff60a4e5f90 10632->10635 10636 7ff60a4e5b1d GetProcAddress 10632->10636 10634 7ff60a4e2f40 10 API calls 10633->10634 10634->10609 10639 
7ff60a4e2f40 10 API calls 10635->10639 10637 7ff60a4e5b39 GetProcAddress 10636->10637 10638 7ff60a4e5f78 10636->10638 10640 7ff60a4e5b55 GetProcAddress 10637->10640 10641 7ff60a4e6020 10637->10641 10642 7ff60a4e2f40 10 API calls 10638->10642 10639->10609 10643 7ff60a4e5b71 GetProcAddress 10640->10643 10644 7ff60a4e6008 10640->10644 10645 7ff60a4e2f40 10 API calls 10641->10645 10642->10609 10647 7ff60a4e5ff0 10643->10647 10648 7ff60a4e5b8d GetProcAddress 10643->10648 10646 7ff60a4e2f40 10 API calls 10644->10646 10645->10609 10646->10609 10651 7ff60a4e2f40 10 API calls 10647->10651 10649 7ff60a4e5ba9 GetProcAddress 10648->10649 10650 7ff60a4e5fd8 10648->10650 10652 7ff60a4e5bc5 GetProcAddress 10649->10652 10653 7ff60a4e6038 10649->10653 10654 7ff60a4e2f40 10 API calls 10650->10654 10651->10609 10655 7ff60a4e5be1 GetProcAddress 10652->10655 10656 7ff60a4e6050 10652->10656 10657 7ff60a4e2f40 10 API calls 10653->10657 10654->10609 10658 7ff60a4e6080 10655->10658 10659 7ff60a4e5bfd GetProcAddress 10655->10659 10660 7ff60a4e2f40 10 API calls 10656->10660 10657->10609 10663 7ff60a4e2f40 10 API calls 10658->10663 10661 7ff60a4e5c19 GetProcAddress 10659->10661 10662 7ff60a4e6068 10659->10662 10660->10609 10664 7ff60a4e5c35 GetProcAddress 10661->10664 10665 7ff60a4e60c8 10661->10665 10666 7ff60a4e2f40 10 API calls 10662->10666 10663->10609 10668 7ff60a4e5c51 GetProcAddress 10664->10668 10669 7ff60a4e60b0 10664->10669 10667 7ff60a4e2f40 10 API calls 10665->10667 10666->10609 10667->10609 10671 7ff60a4e5c6d GetProcAddress 10668->10671 10672 7ff60a4e6098 10668->10672 10670 7ff60a4e2f40 10 API calls 10669->10670 10670->10609 10674 7ff60a4e60e0 10671->10674 10675 7ff60a4e5c89 GetProcAddress 10671->10675 10673 7ff60a4e2f40 10 API calls 10672->10673 10673->10609 10676 7ff60a4e2f40 10 API calls 10674->10676 10677 7ff60a4e5ca5 GetProcAddress 10675->10677 10678 7ff60a4e6140 10675->10678 10676->10609 10680 7ff60a4e5cc1 GetProcAddress 10677->10680 10681 7ff60a4e6128 10677->10681 10679 
7ff60a4e2f40 10 API calls 10678->10679 10679->10609 10683 7ff60a4e6110 10680->10683 10684 7ff60a4e5cdd GetProcAddress 10680->10684 10682 7ff60a4e2f40 10 API calls 10681->10682 10682->10609 10687 7ff60a4e2f40 10 API calls 10683->10687 10685 7ff60a4e5cf9 GetProcAddress 10684->10685 10686 7ff60a4e60f8 10684->10686 10688 7ff60a4e5d15 GetProcAddress 10685->10688 10689 7ff60a4e61a0 10685->10689 10690 7ff60a4e2f40 10 API calls 10686->10690 10687->10609 10691 7ff60a4e5d31 GetProcAddress 10688->10691 10692 7ff60a4e6188 10688->10692 10693 7ff60a4e2f40 10 API calls 10689->10693 10690->10609 10695 7ff60a4e6170 10691->10695 10696 7ff60a4e5d4d GetProcAddress 10691->10696 10694 7ff60a4e2f40 10 API calls 10692->10694 10693->10609 10694->10609 10699 7ff60a4e2f40 10 API calls 10695->10699 10697 7ff60a4e5d69 GetProcAddress 10696->10697 10698 7ff60a4e6158 10696->10698 10700 7ff60a4e5d85 GetProcAddress 10697->10700 10701 7ff60a4e61d0 10697->10701 10702 7ff60a4e2f40 10 API calls 10698->10702 10699->10609 10703 7ff60a4e5da1 GetProcAddress 10700->10703 10704 7ff60a4e61b8 10700->10704 10705 7ff60a4e2f40 10 API calls 10701->10705 10702->10609 10707 7ff60a4e6200 10703->10707 10708 7ff60a4e5dbd GetProcAddress 10703->10708 10706 7ff60a4e2f40 10 API calls 10704->10706 10705->10609 10706->10609 10711 7ff60a4e2f40 10 API calls 10707->10711 10709 7ff60a4e5dd9 GetProcAddress 10708->10709 10710 7ff60a4e61e8 10708->10710 10712 7ff60a4e5df5 GetProcAddress 10709->10712 10713 7ff60a4e6260 10709->10713 10714 7ff60a4e2f40 10 API calls 10710->10714 10711->10609 10715 7ff60a4e5e11 GetProcAddress 10712->10715 10716 7ff60a4e6248 10712->10716 10717 7ff60a4e2f40 10 API calls 10713->10717 10714->10609 10719 7ff60a4e6230 10715->10719 10720 7ff60a4e5e2d GetProcAddress 10715->10720 10718 7ff60a4e2f40 10 API calls 10716->10718 10717->10609 10718->10609 10721 7ff60a4e2f40 10 API calls 10719->10721 10722 7ff60a4e5e49 GetProcAddress 10720->10722 10723 7ff60a4e6218 10720->10723 10721->10609 10725 7ff60a4e5e65 
GetProcAddress 10722->10725 10726 7ff60a4e6290 10722->10726 10724 7ff60a4e2f40 10 API calls 10723->10724 10724->10609 10728 7ff60a4e5e81 GetProcAddress 10725->10728 10729 7ff60a4e6278 10725->10729 10727 7ff60a4e2f40 10 API calls 10726->10727 10727->10609 10728->10609 10731 7ff60a4e62a8 10728->10731 10730 7ff60a4e2f40 10 API calls 10729->10730 10730->10609 10732 7ff60a4e2f40 10 API calls 10731->10732 10732->10609 10734 7ff60a4e4c88 10733->10734 10743 7ff60a4e4a1e 10733->10743 10734->10540 10734->10541 10735 7ff60a4e4d00 10736 7ff60a4e4a81 strncmp 10736->10743 10737 7ff60a4e4aa5 strcmp 10737->10743 10738 7ff60a4e4b30 calloc calloc 10740 7ff60a4e4c80 10738->10740 10747 7ff60a4e4b65 10738->10747 10739 7ff60a4e4ad0 strcmp 10739->10743 10741 7ff60a4e4960 4 API calls 10740->10741 10741->10734 10742 7ff60a4e4af8 strcmp 10742->10743 10743->10735 10743->10736 10743->10737 10743->10738 10743->10739 10743->10742 10784 7ff60a4e47f0 strlen strncmp 10743->10784 10745 7ff60a4e4860 mbstowcs 10745->10747 10746 7ff60a4e47f0 strlen strncmp 10746->10747 10747->10734 10747->10740 10747->10745 10747->10746 10749 7ff60a4e4dc4 10748->10749 10750 7ff60a4e4e28 10748->10750 10752 7ff60a4e4df0 10749->10752 10753 7ff60a4e4dc6 10749->10753 10751 7ff60a4e48b0 11 API calls 10750->10751 10755 7ff60a4e4e3e 10751->10755 10754 7ff60a4e4e18 10752->10754 10756 7ff60a4e48b0 11 API calls 10752->10756 10753->10754 10786 7ff60a4e48b0 10753->10786 10754->10553 10755->10553 10759 7ff60a4e4e0d 10756->10759 10759->10553 10761 7ff60a4e4ef2 10760->10761 10791 7ff60a4e4930 10761->10791 10764 7ff60a4e4930 fputc 10767 7ff60a4e4f83 10764->10767 10766 7ff60a4e9090 10 API calls 10766->10767 10767->10766 10768 7ff60a4e4fd1 free free free 10767->10768 10768->10561 10770 7ff60a4e52d5 10769->10770 10772 7ff60a4e51e2 10769->10772 10770->10567 10770->10568 10771 7ff60a4e9090 10 API calls 10771->10772 10772->10771 10773 7ff60a4e5226 10772->10773 10773->10770 10774 7ff60a4e52cd free 10773->10774 10775 7ff60a4e52b8 free 
10773->10775 10774->10770 10775->10774 10775->10775 10777 7ff60a4e3c23 10776->10777 10778 7ff60a4e496e 10776->10778 10777->9861 10777->10577 10779 7ff60a4e4996 free 10778->10779 10780 7ff60a4e4980 free 10778->10780 10781 7ff60a4e49c6 free 10779->10781 10782 7ff60a4e49a6 10779->10782 10780->10779 10780->10780 10781->10777 10783 7ff60a4e49b0 free 10782->10783 10783->10781 10783->10783 10785 7ff60a4e481a 10784->10785 10785->10743 10787 7ff60a4e9090 10 API calls 10786->10787 10788 7ff60a4e48ca 10787->10788 10789 7ff60a4e4915 10788->10789 10790 7ff60a4e48e9 free 10788->10790 10789->10553 10790->10789 10792 7ff60a4f01e0 fputc 10791->10792 10793 7ff60a4e4954 10792->10793 10793->10764 10793->10768 10795 7ff60a4e67e6 10794->10795 10796 7ff60a4e685c 10795->10796 10797 7ff60a4e6826 10795->10797 10798 7ff60a4e2e60 10 API calls 10796->10798 10799 7ff60a4e6836 10797->10799 10800 7ff60a4e2e60 10 API calls 10797->10800 10798->10799 10799->10593 10801 7ff60a4e6850 10800->10801 10801->10593 10803 7ff60a4e246b strcmp 10802->10803 10804 7ff60a4e2457 10802->10804 10805 7ff60a4e2460 10803->10805 10806 7ff60a4e247b 10803->10806 10804->9898 10805->10803 10805->10804 10806->9898 10810 7ff60a4ef060 setlocale 10807->10810 10811 7ff60a4ef099 setlocale 10810->10811 10812 7ff60a4ef089 _strdup 10810->10812 10813 7ff60a4ef0b8 10811->10813 10814 7ff60a4ef326 wcstombs realloc wcstombs setlocale free 10811->10814 10812->10811 10813->10814 10816 7ff60a4ef0c7 mbstowcs 10813->10816 10815 7ff60a4e4370 strcpy 10814->10815 10815->9892 10817 7ff60a4ef020 10816->10817 10818 7ff60a4ef10f mbstowcs 10817->10818 10819 7ff60a4ef14f 10818->10819 10820 7ff60a4ef323 10819->10820 10827 7ff60a4ef183 10819->10827 10820->10814 10821 7ff60a4ef234 wcstombs 10823 7ff60a4ef264 wcstombs 10821->10823 10824 7ff60a4ef256 10821->10824 10822 7ff60a4ef299 wcstombs realloc wcstombs 10825 7ff60a4ef2fa setlocale free 10822->10825 10823->10825 10826 7ff60a4ef28f 10823->10826 10824->10823 10825->10815 10826->10825 10827->10821 
10827->10822 10829 7ff60a4e79ff 10828->10829 10830 7ff60a4e76ad GetProcAddress 10828->10830 10831 7ff60a4e2f40 10 API calls 10829->10831 10832 7ff60a4e7a34 10830->10832 10833 7ff60a4e76c9 GetProcAddress 10830->10833 10918 7ff60a4e79f5 10831->10918 10836 7ff60a4e2f40 10 API calls 10832->10836 10834 7ff60a4e76e5 GetProcAddress 10833->10834 10835 7ff60a4e7a1f 10833->10835 10837 7ff60a4e7a5e 10834->10837 10838 7ff60a4e7701 GetProcAddress 10834->10838 10839 7ff60a4e2f40 10 API calls 10835->10839 10836->10918 10840 7ff60a4e2f40 10 API calls 10837->10840 10841 7ff60a4e771d GetProcAddress 10838->10841 10842 7ff60a4e7a49 10838->10842 10839->10918 10840->10918 10843 7ff60a4e7aa0 10841->10843 10844 7ff60a4e7739 GetProcAddress 10841->10844 10845 7ff60a4e2f40 10 API calls 10842->10845 10848 7ff60a4e2f40 10 API calls 10843->10848 10846 7ff60a4e7755 GetProcAddress 10844->10846 10847 7ff60a4e7a88 10844->10847 10845->10918 10850 7ff60a4e7a73 10846->10850 10851 7ff60a4e7771 GetProcAddress 10846->10851 10849 7ff60a4e2f40 10 API calls 10847->10849 10848->10918 10849->10918 10852 7ff60a4e2f40 10 API calls 10850->10852 10853 7ff60a4e778d GetProcAddress 10851->10853 10854 7ff60a4e7ab8 10851->10854 10852->10918 10855 7ff60a4e77a9 GetProcAddress 10853->10855 10856 7ff60a4e7b18 10853->10856 10857 7ff60a4e2f40 10 API calls 10854->10857 10859 7ff60a4e77c5 GetProcAddress 10855->10859 10860 7ff60a4e7b00 10855->10860 10858 7ff60a4e2f40 10 API calls 10856->10858 10857->10918 10858->10918 10862 7ff60a4e77e1 GetProcAddress 10859->10862 10863 7ff60a4e7ae8 10859->10863 10861 7ff60a4e2f40 10 API calls 10860->10861 10861->10918 10864 7ff60a4e7ad0 10862->10864 10865 7ff60a4e77fd GetProcAddress 10862->10865 10866 7ff60a4e2f40 10 API calls 10863->10866 10867 7ff60a4e2f40 10 API calls 10864->10867 10868 7ff60a4e7819 GetProcAddress 10865->10868 10869 7ff60a4e7b78 10865->10869 10866->10918 10867->10918 10870 7ff60a4e7835 GetProcAddress 10868->10870 10871 7ff60a4e7b60 10868->10871 10872 7ff60a4e2f40 10 API 
calls 10869->10872 10873 7ff60a4e7851 GetProcAddress 10870->10873 10874 7ff60a4e7b48 10870->10874 10875 7ff60a4e2f40 10 API calls 10871->10875 10872->10918 10877 7ff60a4e7b30 10873->10877 10878 7ff60a4e786d GetProcAddress 10873->10878 10876 7ff60a4e2f40 10 API calls 10874->10876 10875->10918 10876->10918 10881 7ff60a4e2f40 10 API calls 10877->10881 10879 7ff60a4e7b90 10878->10879 10880 7ff60a4e7889 GetProcAddress 10878->10880 10884 7ff60a4e2f40 10 API calls 10879->10884 10882 7ff60a4e78a5 GetProcAddress 10880->10882 10883 7ff60a4e7ba8 10880->10883 10881->10918 10885 7ff60a4e78c1 GetProcAddress 10882->10885 10886 7ff60a4e7bd8 10882->10886 10887 7ff60a4e2f40 10 API calls 10883->10887 10884->10918 10889 7ff60a4e7bc0 10885->10889 10890 7ff60a4e78dd GetProcAddress 10885->10890 10888 7ff60a4e2f40 10 API calls 10886->10888 10887->10918 10888->10918 10893 7ff60a4e2f40 10 API calls 10889->10893 10891 7ff60a4e7c20 10890->10891 10892 7ff60a4e78f9 GetProcAddress 10890->10892 10896 7ff60a4e2f40 10 API calls 10891->10896 10894 7ff60a4e7915 GetProcAddress 10892->10894 10895 7ff60a4e7c08 10892->10895 10893->10918 10898 7ff60a4e7931 GetProcAddress 10894->10898 10899 7ff60a4e7bf0 10894->10899 10897 7ff60a4e2f40 10 API calls 10895->10897 10896->10918 10897->10918 10901 7ff60a4e794d GetProcAddress 10898->10901 10902 7ff60a4e7c38 10898->10902 10900 7ff60a4e2f40 10 API calls 10899->10900 10900->10918 10903 7ff60a4e7969 GetProcAddress 10901->10903 10904 7ff60a4e7c98 10901->10904 10905 7ff60a4e2f40 10 API calls 10902->10905 10907 7ff60a4e7985 GetProcAddress 10903->10907 10908 7ff60a4e7c80 10903->10908 10906 7ff60a4e2f40 10 API calls 10904->10906 10905->10918 10906->10918 10910 7ff60a4e79a1 GetProcAddress 10907->10910 10911 7ff60a4e7c68 10907->10911 10909 7ff60a4e2f40 10 API calls 10908->10909 10909->10918 10912 7ff60a4e7c50 10910->10912 10913 7ff60a4e79bd GetProcAddress 10910->10913 10914 7ff60a4e2f40 10 API calls 10911->10914 10915 7ff60a4e2f40 10 API calls 10912->10915 10916 
7ff60a4e7cb0 10913->10916 10917 7ff60a4e79d9 GetProcAddress 10913->10917 10914->10918 10915->10918 10920 7ff60a4e2f40 10 API calls 10916->10920 10917->10918 10919 7ff60a4e7cc8 10917->10919 10918->9911 10921 7ff60a4e2f40 10 API calls 10919->10921 10920->10918 10921->10918 10925 7ff60a4f0130 fgetpos 10922->10925 10926 7ff60a4f0128 10925->10926 10926->9926 9619 7ff60a4eb3d0 9622 7ff60a4eab1a 9619->9622 9621 7ff60a4eaa3b 9622->9621 9623 7ff60a4ea4f0 9622->9623 9624 7ff60a4ea5b0 malloc 9623->9624 9625 7ff60a4ea512 9623->9625 9624->9625 9629 7ff60a4ea55b 9624->9629 9626 7ff60a4ea532 memcpy 9625->9626 9627 7ff60a4ea588 memcpy 9625->9627 9628 7ff60a4ea5f0 memcpy 9626->9628 9626->9629 9627->9629 9628->9629 9629->9622 11774 7ff60a4eadb8 11776 7ff60a4eab1a 11774->11776 11777 7ff60a4eaa3b 11774->11777 11775 7ff60a4ea4f0 4 API calls 11775->11776 11776->11775 11776->11777

Control-flow Graph

• Executed
• Not Executed
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
Memory Dump Source
• Source File: 00000000.00000002.1433262949.00007FF60A4E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60A4E0000, based on PE: true
• Associated: 00000000.00000002.1433228326.00007FF60A4E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1433348597.00007FF60A4FA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1433468786.00007FF60A4FB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1433629197.00007FF60A505000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1433653207.00007FF60A509000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1433741686.00007FF60A50A000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1433822676.00007FF60A50D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff60a4e0000_discord.jbxd
Similarity
• API ID: free$CreateDirectoryEnvironment$ByteCharExpandMultiPathStringsTempVariableWide_getpid_wcsdup_wfullpath_wputenv_s_wtempnamwcschrwcslen
• String ID: LOADER: Failed to convert runtime-tmpdir to a wide string.$LOADER: Failed to expand environment variables in the runtime-tmpdir.$LOADER: Failed to obtain the absolute path of the runtime-tmpdir.$LOADER: Failed to set the TMP environment variable.$TMP$TMP$_MEI%d$_MEIPASS2
• API String ID: 2274789544-3119237222

Control-flow Graph

Similarity
• API ID: _initterm$_amsg_exit_cexitexit
• String ID: 0
• API String ID: 602970348-4108050209
Similarity
• API ID:
• String ID: incorrect data check$invalid block type$invalid literal/length code$invalid stored block lengths$too many length or distance symbols
• API String ID: 0-817236767
Similarity
• API ID:
• String ID: invalid bit length repeat$invalid code -- missing end-of-block$invalid distances set$invalid literal/lengths set
• API String ID: 0-1153561608
Similarity
• API ID: Find$CloseFileFirst
• String ID:
• API String ID: 2295610775-0

Control-flow Graph

                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1433262949.00007FF60A4E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60A4E0000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433228326.00007FF60A4E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433348597.00007FF60A4FA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433468786.00007FF60A4FB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433629197.00007FF60A505000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433653207.00007FF60A509000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433741686.00007FF60A50A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433822676.00007FF60A50D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff60a4e0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: fclose$_wfopenfreadfreemalloc
                                                                                                                                                                                                                                        • String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc$pyi_arch_extract2fs was called before temporary directory was initialized!
                                                                                                                                                                                                                                        • API String ID: 414440483-3833288071
                                                                                                                                                                                                                                        • Opcode ID: 6d94708e593a5e3daaea1640c06e55988b4885eda8209f8357fb640968705f0c
                                                                                                                                                                                                                                        • Instruction ID: 71dd86579a9c7633c57b602394499bc4b3315de741a6e38d3c454fdbcecba31d
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6d94708e593a5e3daaea1640c06e55988b4885eda8209f8357fb640968705f0c
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6551DF2BE8950380FE51D729D8406B91241AF11BD4F7802FAED0D8B2D6FE7CE9468340

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1433262949.00007FF60A4E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60A4E0000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff60a4e0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Token$ConvertDescriptorInformationProcessSecurityString$CloseCreateCurrentDirectoryErrorFreeHandleLastLocalOpen_snwprintfcallocfree
                                                                                                                                                                                                                                        • String ID: D:(A;;FA;;;%s)$S-1-3-4
                                                                                                                                                                                                                                        • API String ID: 1339360106-2855260032
                                                                                                                                                                                                                                        • Opcode ID: 840785790ae47b5b900202a130df978d56d1b00df71af0a86b378aa74ba62265
                                                                                                                                                                                                                                        • Instruction ID: e257023c404363d92ba056cd68397e5a2c7a2a23228555e9347c8f45e29ae69d
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 840785790ae47b5b900202a130df978d56d1b00df71af0a86b378aa74ba62265
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6B31622760864282E610DB52F804BAA7361FB86BE4F640275EE6D87BDADF7DD409C700

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1433262949.00007FF60A4E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60A4E0000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff60a4e0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: wcstombs$setlocale$free$mbstowcsrealloc$_strdup
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 918573998-0
                                                                                                                                                                                                                                        • Opcode ID: bc37caea81c3f1b4857c0da5a89418885bf617b27b1e748d0f14d2c635658186
                                                                                                                                                                                                                                        • Instruction ID: d395426dfccf1a992390d9f367a9e1daf53ce1a45d92bf881f42eeabf5a2b690
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bc37caea81c3f1b4857c0da5a89418885bf617b27b1e748d0f14d2c635658186
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 27F1C46BB04A1688EB50DBAAD4412BC37B1BB48BD8F904476DE4CA77A9EF38D455C310

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1433262949.00007FF60A4E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60A4E0000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff60a4e0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: malloc$ferrorfree$freadfwrite
                                                                                                                                                                                                                                        • String ID: 1.2.13$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                                                                                                        • API String ID: 1635854594-1655038675
                                                                                                                                                                                                                                        • Opcode ID: c7dad65b08eccfe109ea056ce5c20d395fae7623f7bcb11bc371ddcf49c6912d
                                                                                                                                                                                                                                        • Instruction ID: f0579c2b5393e89033ba65c718d7c00fa12e5e57dd6912c22ea0907ef9bfd6a7
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c7dad65b08eccfe109ea056ce5c20d395fae7623f7bcb11bc371ddcf49c6912d
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6E91012BB4C69241E620CF1AE8403BA6290FB65BD4F248675DE9D83BC5EF7CE485D700

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1433262949.00007FF60A4E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60A4E0000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff60a4e0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: _get_osfhandle$Process_fileno$ByteCharCodeCommandConsoleCreateCtrlExitHandlerInfoLineMultiObjectSingleStartupWaitWide
                                                                                                                                                                                                                                        • String ID: CreateProcessW$Error creating child process!
                                                                                                                                                                                                                                        • API String ID: 2399235724-3524285272
                                                                                                                                                                                                                                        • Opcode ID: 2bb69f242d9541d69d1b049c92316138750a043074f1ee99989ea41868e2982c
                                                                                                                                                                                                                                        • Instruction ID: 730f1dd6a9911eca67acc63f5250712dc35530439f383720b9555489eac8e7a8
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2bb69f242d9541d69d1b049c92316138750a043074f1ee99989ea41868e2982c
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 36415F37A0878285EB209B64F8157AA7360FB857A4F504379EAAD837D9DF7CD484CB00

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1433262949.00007FF60A4E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60A4E0000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff60a4e0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: free$DirectoryEnvironmentVariablecalloc$ByteCharFileModuleMultiNameWidestrcmpstrcpy
                                                                                                                                                                                                                                        • String ID: Cannot open PyInstaller archive from executable (%s) or external archive (%s)$Cannot side-load external archive %s (code %d)!$Failed to convert DLL search path!$_MEIPASS2$_PYI_ONEDIR_MODE
                                                                                                                                                                                                                                        • API String ID: 2187479179-3096095006
                                                                                                                                                                                                                                        • Opcode ID: 44034e222dda9e4fdfd118ccd7134ec7e14ffacfb3c3d4c39dce0c40e8a12d18
                                                                                                                                                                                                                                        • Instruction ID: 793c10a890f09ede0e21596dd3313359af58d52de6def158b8308612b0c86b35
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 44034e222dda9e4fdfd118ccd7134ec7e14ffacfb3c3d4c39dce0c40e8a12d18
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 04E1B02BA0C64280FA55EF22E8142BA6754AF85BC0F6401B5EE4ECB7D6EF3CF5008740

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1433262949.00007FF60A4E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60A4E0000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff60a4e0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: freadmalloc$_wfopenfclosefree
                                                                                                                                                                                                                                        • String ID: Could not allocate buffer for TOC!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$fread$fseek$malloc
                                                                                                                                                                                                                                        • API String ID: 2617120823-2084260460
                                                                                                                                                                                                                                        • Opcode ID: f6671c9f5980480a8561912fa48935c17a8968c568c4a8eecea377759303505b
                                                                                                                                                                                                                                        • Instruction ID: da933b99d12b47815ebb8e605324b531c46183f249791ab6e350bac5f8394190
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f6671c9f5980480a8561912fa48935c17a8968c568c4a8eecea377759303505b
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5351A077B0960286EB14DB28D8402B863A1EF88BD4F75927AD90D837D5EF7CE902C744

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1433262949.00007FF60A4E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60A4E0000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff60a4e0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: wcscat$ByteCharMultiWide_wrmdirwcslen
                                                                                                                                                                                                                                        • String ID: _MEIPASS2
                                                                                                                                                                                                                                        • API String ID: 3789554339-3944641314
                                                                                                                                                                                                                                        • Opcode ID: fb5fa8b4530e7b2c41102c59ccc0b32c935fc7947f7e5b4f43b1699e594ef5fd
                                                                                                                                                                                                                                        • Instruction ID: e44fb1273e2c545e9758403d36a9550fd5c7d647736d203aa8b51e02bfa9cdd8
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fb5fa8b4530e7b2c41102c59ccc0b32c935fc7947f7e5b4f43b1699e594ef5fd
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7121F35BB0854294ED14E712E8146FE6250BF86BE4FE845B1ED1E877C6EE3CE545C300

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1433262949.00007FF60A4E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60A4E0000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433228326.00007FF60A4E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433348597.00007FF60A4FA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433468786.00007FF60A4FB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433629197.00007FF60A505000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433653207.00007FF60A509000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433741686.00007FF60A50A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433822676.00007FF60A50D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff60a4e0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: strlen$_wfopenstrcpystrtok
                                                                                                                                                                                                                                        • String ID: %s%c%s$ERROR: file already exists but should not: %s$PYINSTALLER_STRICT_UNPACK_MODE$WARNING: file already exists but should not: %s$\
                                                                                                                                                                                                                                        • API String ID: 1482442392-3501660386
                                                                                                                                                                                                                                        • Opcode ID: 86652e42a3b0821fb2706ff85a4357d95cd04f2c8132566fc96236a2442db211
                                                                                                                                                                                                                                        • Instruction ID: 69b86715d97b70570fbfb473117f29327d01e2a96bde21a6a9b0501f4967349a
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 86652e42a3b0821fb2706ff85a4357d95cd04f2c8132566fc96236a2442db211
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EB21C16BE4C24359FE21EB31E9102BA26859F447C8F7856B5E91EC62D2FE2CF5428300

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1433262949.00007FF60A4E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60A4E0000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433228326.00007FF60A4E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433348597.00007FF60A4FA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433468786.00007FF60A4FB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433629197.00007FF60A505000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433653207.00007FF60A509000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433741686.00007FF60A50A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433822676.00007FF60A50D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff60a4e0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: wcscatwcscmp
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 3846154227-0
                                                                                                                                                                                                                                        • Opcode ID: 9967234732384e4ceab695c79c84b8215dbb9b0f606c807d9ef8d38498a5c5b4
                                                                                                                                                                                                                                        • Instruction ID: 05dcb5031e64c65160ba9602bfbf4c7f1144a39f12ac9e93df15a050b646c4a9
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9967234732384e4ceab695c79c84b8215dbb9b0f606c807d9ef8d38498a5c5b4
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5C118C1BB4C64296FE69EB22D8103BE52806F45BC8F2840B1ED0EC67D7FE2DE5008300

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1433262949.00007FF60A4E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60A4E0000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433228326.00007FF60A4E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433348597.00007FF60A4FA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433468786.00007FF60A4FB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433629197.00007FF60A505000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433653207.00007FF60A509000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433741686.00007FF60A50A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433822676.00007FF60A50D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff60a4e0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: strlen$strcpystrtok
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 3698421117-0
                                                                                                                                                                                                                                        • Opcode ID: 86c057e636391070db3999e02b4ec4b0961dea1a697d128733877af77779c05a
                                                                                                                                                                                                                                        • Instruction ID: e90d8f6278b9bec15fe2c41c8cabd07e12d563e8dad88bca3ddb25b331b5f0f5
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 86c057e636391070db3999e02b4ec4b0961dea1a697d128733877af77779c05a
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F221901BB4964354FE21EB61E8053FA62415F44BD4FA809B1ED0DC77C2EE2CE546C340

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1433262949.00007FF60A4E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60A4E0000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433228326.00007FF60A4E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433348597.00007FF60A4FA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433468786.00007FF60A4FB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433629197.00007FF60A505000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433653207.00007FF60A509000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433741686.00007FF60A50A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433822676.00007FF60A50D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff60a4e0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: mallocmemcpy
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 4276657696-0
                                                                                                                                                                                                                                        • Opcode ID: 425d4c8a08875ec74439c914d8f05ade38285fd10358b5af06c5e2fac6744273
                                                                                                                                                                                                                                        • Instruction ID: 92056303b7e1a078b6a1ea0f5061900252530a32b225529b1df2d9795701b455
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 425d4c8a08875ec74439c914d8f05ade38285fd10358b5af06c5e2fac6744273
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EE31A177B256418BD760CB26E48466EB6A1FB94BC4F245174DB4AD7F41EE3DF4808B00

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1433262949.00007FF60A4E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60A4E0000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433228326.00007FF60A4E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433348597.00007FF60A4FA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433468786.00007FF60A4FB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433629197.00007FF60A505000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433653207.00007FF60A509000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433741686.00007FF60A50A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433822676.00007FF60A50D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff60a4e0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: freemalloc
                                                                                                                                                                                                                                        • String ID: _MEIPASS2
                                                                                                                                                                                                                                        • API String ID: 3061335427-3944641314
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1433262949.00007FF60A4E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60A4E0000, based on PE: true
• Associated: 00000000.00000002.1433228326.00007FF60A4E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1433348597.00007FF60A4FA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1433468786.00007FF60A4FB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1433629197.00007FF60A505000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1433653207.00007FF60A509000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1433741686.00007FF60A50A000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1433822676.00007FF60A50D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: calloc
                                                                                                                                                                                                                                        • String ID: Cannot allocate memory for SPLASH_STATUS.$calloc
                                                                                                                                                                                                                                        • API String ID: 2635317215-799113134
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1433262949.00007FF60A4E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60A4E0000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: strcpy
                                                                                                                                                                                                                                        • String ID: pyi-contents-directory
                                                                                                                                                                                                                                        • API String ID: 3177657795-2617349511
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1433262949.00007FF60A4E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60A4E0000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: fsetpos
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 850078086-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1433262949.00007FF60A4E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60A4E0000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: freememsetwcslen
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 2332356550-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1433262949.00007FF60A4E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60A4E0000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: memcpymemset
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 1297977491-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1433262949.00007FF60A4E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60A4E0000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff60a4e0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: memcpymemset
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 1297977491-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                          • Part of subcall function 00007FF60A4E9090: MultiByteToWideChar.KERNEL32(00007FF60A4E2E07,WideCharToMultiByte,?,Failed to get UTF-8 buffer size.,?,?,00007FF60A4E2FD0), ref: 00007FF60A4E90C6
                                                                                                                                                                                                                                        • _wfopen.MSVCRT ref: 00007FF60A4E4695
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1433262949.00007FF60A4E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60A4E0000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff60a4e0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: ByteCharMultiWide_wfopen
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 372205238-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1433262949.00007FF60A4E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60A4E0000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff60a4e0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: memcpy
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 3510742995-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1433262949.00007FF60A4E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60A4E0000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff60a4e0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: memset
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 2221118986-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1433262949.00007FF60A4E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60A4E0000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff60a4e0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: malloc
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 2803490479-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1433262949.00007FF60A4E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60A4E0000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433228326.00007FF60A4E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433348597.00007FF60A4FA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433468786.00007FF60A4FB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433629197.00007FF60A505000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433653207.00007FF60A509000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433741686.00007FF60A50A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433822676.00007FF60A50D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff60a4e0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: AddressProc
                                                                                                                                                                                                                                        • String ID: Failed to get address for PyConfig_Clear$Failed to get address for PyConfig_InitIsolatedConfig$Failed to get address for PyConfig_Read$Failed to get address for PyConfig_SetBytesString$Failed to get address for PyConfig_SetString$Failed to get address for PyConfig_SetWideStringList$Failed to get address for PyErr_Clear$Failed to get address for PyErr_Fetch$Failed to get address for PyErr_NormalizeException$Failed to get address for PyErr_Occurred$Failed to get address for PyErr_Print$Failed to get address for PyErr_Restore$Failed to get address for PyEval_EvalCode$Failed to get address for PyImport_AddModule$Failed to get address for PyImport_ExecCodeModule$Failed to get address for PyImport_ImportModule$Failed to get address for PyList_Append$Failed to get address for PyMarshal_ReadObjectFromString$Failed to get address for PyMem_RawFree$Failed to get address for PyModule_GetDict$Failed to get address for PyObject_CallFunction$Failed to get address for PyObject_CallFunctionObjArgs$Failed to get address for PyObject_GetAttrString$Failed to get address for PyObject_SetAttrString$Failed to get address for PyObject_Str$Failed to get address for PyPreConfig_InitIsolatedConfig$Failed to get address for PyRun_SimpleStringFlags$Failed to get address for PyStatus_Exception$Failed to get address for PySys_GetObject$Failed to get address for PySys_SetObject$Failed to get address for PyUnicode_AsUTF8$Failed to get address for PyUnicode_Decode$Failed to get address for PyUnicode_DecodeFSDefault$Failed to get address for PyUnicode_FromFormat$Failed to get address for PyUnicode_FromString$Failed to get address for PyUnicode_Join$Failed to get address for PyUnicode_Replace$Failed to get address for Py_DecRef$Failed to get address for Py_DecodeLocale$Failed to get address for Py_ExitStatusException$Failed to get address for Py_Finalize$Failed to get address for Py_InitializeFromConfig$Failed to get address for Py_IsInitialized$Failed to get address for Py_PreInitialize$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyList_Append$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
                                                                                                                                                                                                                                        • API String ID: 190572456-4266016200
                                                                                                                                                                                                                                        • Opcode ID: 50e6ba4ab6fb6236e3085a79b8dda0dff8723994d665336298622606d247f3f2
                                                                                                                                                                                                                                        • Instruction ID: 5c324d0141bd62183a68387302aa5aa39d1aa6d300c587bfbe4e1c4051306f23
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 50e6ba4ab6fb6236e3085a79b8dda0dff8723994d665336298622606d247f3f2
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8632E66AA9DB0790FE45DB14E8905B82369AF153C5BB460FAC40DC22A9FFBCF506D311
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: MessageSend$Create$Window$BaseClientDialogFontIconIndirectInfoLoadMetricParametersRectSystemUnits
                                                                                                                                                                                                                                        • String ID: $BUTTON$Close$EDIT$Failed to execute script '%ls' due to unhandled exception: %ls$STATIC
                                                                                                                                                                                                                                        • API String ID: 3223904152-1365983254
                                                                                                                                                                                                                                        • Opcode ID: 23d76df661166ccc8bf8808f21f1e890a82357284aeaf219810838731c85fa8c
                                                                                                                                                                                                                                        • Instruction ID: 578713006bd75f1f9099fcf15e629286e2272d98184eb7da53c199771b25fbde
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 23d76df661166ccc8bf8808f21f1e890a82357284aeaf219810838731c85fa8c
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4291A936218B9482E750CF61E45479A7765F788BC8F24413AEE8C4BB99CF7EC086CB50
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: ByteCharErrorFormatLastMessageMultiWide
                                                                                                                                                                                                                                        • String ID: Failed to encode wchar_t as UTF-8.$FormatMessageW$No error messages generated.$PyInstaller: FormatMessageW failed.$PyInstaller: pyi_win32_utils_to_utf8 failed.$WideCharToMultiByte
                                                                                                                                                                                                                                        • API String ID: 1653872744-2573406579
                                                                                                                                                                                                                                        • Opcode ID: 024fbe4156dcd0bd8b1afa62f143db975c9d56f4e4c52d1d88309cd898284ba8
                                                                                                                                                                                                                                        • Instruction ID: bad7b5b32522cd7e7bf5e9b8c7eaf50ceaca38e710991e8b9ab0d44ee9ac51b3
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 024fbe4156dcd0bd8b1afa62f143db975c9d56f4e4c52d1d88309cd898284ba8
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9C21A277E08A0281FB20DB14FC507A523A4BF853C8F645178E94DC66A9EF7CD549C700
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: AddressProc$HandleLibraryLoadModule
                                                                                                                                                                                                                                        • String ID: __deregister_frame_info$__register_frame_info$libgcc_s_dw2-1.dll
                                                                                                                                                                                                                                        • API String ID: 384173800-1835852900
                                                                                                                                                                                                                                        • Opcode ID: c987cd605a046c4775a246cf352f7a0ef9f3b92eb4b15ad4de75813f5d1440e3
                                                                                                                                                                                                                                        • Instruction ID: 1d505d5b0466f3f2a43e25fb64db75a773d8ba99214c1ca20b690d3f9e4d464c
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c987cd605a046c4775a246cf352f7a0ef9f3b92eb4b15ad4de75813f5d1440e3
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6E011B2AE89A1B99E912DF15F81057423A4BF5A7C8F6852B5C90D83364FF3CE506C300
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID: Infinity$NaN
                                                                                                                                                                                                                                        • API String ID: 0-4285296124
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1433262949.00007FF60A4E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60A4E0000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff60a4e0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID: incorrect header check$invalid window size$unknown compression method
                                                                                                                                                                                                                                        • API String ID: 0-1186847913
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1433262949.00007FF60A4E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60A4E0000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff60a4e0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1433262949.00007FF60A4E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60A4E0000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff60a4e0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1433262949.00007FF60A4E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60A4E0000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff60a4e0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1433653207.00007FF60A509000.00000004.00000001.01000000.00000003.sdmp, Offset: 00007FF60A4E0000, based on PE: true
• Associated: 00000000.00000002.1433228326.00007FF60A4E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1433262949.00007FF60A4E1000.00000020.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1433348597.00007FF60A4FA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1433468786.00007FF60A4FB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1433629197.00007FF60A505000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1433741686.00007FF60A50A000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1433822676.00007FF60A50D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff60a4e0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1433262949.00007FF60A4E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60A4E0000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: AddressProc
• String ID: Failed to get address for Tcl_Alloc$Failed to get address for Tcl_ConditionFinalize$Failed to get address for Tcl_ConditionNotify$Failed to get address for Tcl_ConditionWait$Failed to get address for Tcl_CreateInterp$Failed to get address for Tcl_CreateObjCommand$Failed to get address for Tcl_CreateThread$Failed to get address for Tcl_DeleteInterp$Failed to get address for Tcl_DoOneEvent$Failed to get address for Tcl_EvalEx$Failed to get address for Tcl_EvalFile$Failed to get address for Tcl_EvalObjv$Failed to get address for Tcl_Finalize$Failed to get address for Tcl_FinalizeThread$Failed to get address for Tcl_FindExecutable$Failed to get address for Tcl_Free$Failed to get address for Tcl_GetCurrentThread$Failed to get address for Tcl_GetObjResult$Failed to get address for Tcl_GetString$Failed to get address for Tcl_GetVar2$Failed to get address for Tcl_Init$Failed to get address for Tcl_MutexLock$Failed to get address for Tcl_MutexUnlock$Failed to get address for Tcl_NewByteArrayObj$Failed to get address for Tcl_NewStringObj$Failed to get address for Tcl_SetVar2$Failed to get address for Tcl_SetVar2Ex$Failed to get address for Tcl_ThreadAlert$Failed to get address for Tcl_ThreadQueueEvent$Failed to get address for Tk_GetNumMainWindows$Failed to get address for Tk_Init$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                                                                                                                                                                        • API String ID: 190572456-2208601799
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1433262949.00007FF60A4E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60A4E0000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: free
                                                                                                                                                                                                                                        • String ID: %s%c%s.py$Absolute path to script exceeds PATH_MAX$Could not get __main__ module's dict.$Could not get __main__ module.$Failed to unmarshal code object for %s$Traceback is disabled via bootloader option.$\$__file__$__main__$_pyi_main_co$format_exception$pyi-disable-windowed-traceback$traceback
                                                                                                                                                                                                                                        • API String ID: 1294909896-4198433784
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1433262949.00007FF60A4E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60A4E0000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: wcstombs$setlocale$freembstowcsrealloc$_strdup
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 1093732947-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                          • Part of subcall function 00007FF60A4E32D0: strcpy.MSVCRT(00000000,?,_MEIPASS2,00000000,00007FF60A4E3721), ref: 00007FF60A4E3313
                                                                                                                                                                                                                                        • strcmp.MSVCRT ref: 00007FF60A4E348A
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1433262949.00007FF60A4E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60A4E0000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: strcmpstrcpystrlen
                                                                                                                                                                                                                                        • String ID: %s%c%s$%s%c%s%c%s$%s%c%s%c%s%c%s$%s%c%s.exe$%s%c%s.pkg$Archive path exceeds PATH_MAX$Failed to copy file %s from %s!$Failed to extract %s from referenced dependency archive %s.$Failed to open archive %s!$Failed to open referenced dependency archive %s.$Referenced dependency archive %s not found.$\$\$_MEIPASS2$pyi-contents-directory
                                                                                                                                                                                                                                        • API String ID: 895318938-459211576
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1433262949.00007FF60A4E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60A4E0000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: callocstrcmpstrncmp
                                                                                                                                                                                                                                        • String ID: _MEIPASS2$dev$hash_seed$optimize$pyi-$unbuffered$utf8$verbose
                                                                                                                                                                                                                                        • API String ID: 3864021093-2470803696
                                                                                                                                                                                                                                        • Opcode ID: 451d73b7ff344c03704b212d97ce530da948a4f6c025c6dc93e866c2767be9a3
                                                                                                                                                                                                                                        • Instruction ID: 0f3d68a01e9a99a614490a9ecc0d2fd8583e5378cdc24a68dfe08dc64bbcc083
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 451d73b7ff344c03704b212d97ce530da948a4f6c025c6dc93e866c2767be9a3
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DC81946BE0C64289FB74CB22E4043796791AF45BD8F2584F5CA4D876C5EE7EE5818310
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1433262949.00007FF60A4E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60A4E0000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433228326.00007FF60A4E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433348597.00007FF60A4FA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433468786.00007FF60A4FB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433629197.00007FF60A505000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433653207.00007FF60A509000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433741686.00007FF60A50A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433822676.00007FF60A50D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff60a4e0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: _wfopenfclosefreadfreemalloc
                                                                                                                                                                                                                                        • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$_MEIPASS2$fread$fseek$malloc
                                                                                                                                                                                                                                        • API String ID: 3354994319-975985129
                                                                                                                                                                                                                                        • Opcode ID: a7ead42880a9750e6487c0849e9f09f6a2e1a5fd5a99f567b050f14478f78f3b
                                                                                                                                                                                                                                        • Instruction ID: 3d58ac41096ff9a91f3bb61c8c0dff8cce8c2b737374f2ac0050cfebaf6fe0f2
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a7ead42880a9750e6487c0849e9f09f6a2e1a5fd5a99f567b050f14478f78f3b
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7B31DE1BB8861798FE04D715D804ABA2200AF25BC8FA451B6DC0DC7686FE3CE446C300
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1433262949.00007FF60A4E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60A4E0000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433228326.00007FF60A4E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433348597.00007FF60A4FA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433468786.00007FF60A4FB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433629197.00007FF60A505000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433653207.00007FF60A509000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433741686.00007FF60A50A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433822676.00007FF60A50D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff60a4e0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: _wcsdupfree$DeleteDestroyDialogHandleIconIndirectModuleObjectParammemset
                                                                                                                                                                                                                                        • String ID: Unhandled exception in script
                                                                                                                                                                                                                                        • API String ID: 3963799495-2699770090
                                                                                                                                                                                                                                        • Opcode ID: 63ee56fe181a1917596a2b7ec1c70eb69a51c0cc73ba7970fc3e78cbc600a575
                                                                                                                                                                                                                                        • Instruction ID: 8969ca386f54e8fdfd8901cdaeae65d644b6c833185137343a8fe08c45783159
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 63ee56fe181a1917596a2b7ec1c70eb69a51c0cc73ba7970fc3e78cbc600a575
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D3216D3BA49A8181EA25DB62F8546EB7364FBC5BC0F501579EE4E87B46DE3CD005CB00
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1433262949.00007FF60A4E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60A4E0000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433228326.00007FF60A4E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433348597.00007FF60A4FA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433468786.00007FF60A4FB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433629197.00007FF60A505000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433653207.00007FF60A509000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433741686.00007FF60A50A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433822676.00007FF60A50D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff60a4e0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: callocfflush$strcmpstrncmp
                                                                                                                                                                                                                                        • String ID: Failed to allocate PyConfig structure! Unsupported python version?$Failed to parse run-time options!$Failed to pre-initialize embedded python interpreter!$Failed to set module search paths!$Failed to set program name!$Failed to set python home path!$Failed to set run-time options!$Failed to set sys.argv!$Failed to start embedded python interpreter!
                                                                                                                                                                                                                                        • API String ID: 2710203250-3807717293
                                                                                                                                                                                                                                        • Opcode ID: 20069458dbc6cbfea570bcd6b724cb1ff9c6197de144f72581953467c1bf7855
                                                                                                                                                                                                                                        • Instruction ID: 9a2a5f3f65520d24608b5ef78bdfdc224f4da417b04e08476d59f1f6e6cb70a6
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 20069458dbc6cbfea570bcd6b724cb1ff9c6197de144f72581953467c1bf7855
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 47516C1BB4CA5781FA51EB29F8510B99358BF90BD4F7415B5EE4EC22E6FE2CE9058300
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1433262949.00007FF60A4E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60A4E0000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433228326.00007FF60A4E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433348597.00007FF60A4FA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433468786.00007FF60A4FB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433629197.00007FF60A505000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433653207.00007FF60A509000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433741686.00007FF60A50A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433822676.00007FF60A50D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff60a4e0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: strlenstrncpy$callocfreememcpy
                                                                                                                                                                                                                                        • String ID: SPLASH: Cannot extract requirement %s.$SPLASH: Cannot find requirement %s in archive.$_MEIPASS2
                                                                                                                                                                                                                                        • API String ID: 4189425833-927121926
                                                                                                                                                                                                                                        • Opcode ID: fa06c1771d126537b0c576a2152c8899150302a8b01afd59cc48e191a0e66960
                                                                                                                                                                                                                                        • Instruction ID: d32a9dbecc6cb6a631162dd52c7cd4d9f051cc316594a8442003c87dafeee811
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fa06c1771d126537b0c576a2152c8899150302a8b01afd59cc48e191a0e66960
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0F41C45BB4864255EA58EB22D4003FAA355BF44BC4FA545B5EE1D877CAEE3CE245C300
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1433262949.00007FF60A4E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60A4E0000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433228326.00007FF60A4E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433348597.00007FF60A4FA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433468786.00007FF60A4FB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433629197.00007FF60A505000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433653207.00007FF60A509000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433741686.00007FF60A50A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1433822676.00007FF60A50D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff60a4e0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: memcpystrncpy$malloc$callocfree
                                                                                                                                                                                                                                        • String ID: Cannot allocate memory for necessary files.$_MEIPASS2
                                                                                                                                                                                                                                        • API String ID: 1819673767-1389504347
                                                                                                                                                                                                                                        • Opcode ID: 6abde95e514940232a5d18ebf8d6e33772cb9ca00dbb0a1e4aaf4026809cc789
                                                                                                                                                                                                                                        • Instruction ID: 68752e8fbed431a06f7192cf090cbe982586a678aa1c04d431a1dd9ff7059b1b
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6abde95e514940232a5d18ebf8d6e33772cb9ca00dbb0a1e4aaf4026809cc789
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C141FF67B4620597EA18EA22E9442EDB351FB44BC0F654975CF1D87B86EF7CE1528300
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1433262949.00007FF60A4E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60A4E0000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff60a4e0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                                                                                                                                                                                                        • String ID: P%
                                                                                                                                                                                                                                        • API String ID: 2147705588-2959514604
                                                                                                                                                                                                                                        • Opcode ID: 6e54ce7222580e4a214d1a9fc401257ee609a80b666226e2997e335eb7f2f95f
                                                                                                                                                                                                                                        • Instruction ID: e19db027d3dace7b89594ec6a4c6523ee59b8c5fcdde4cd77e0f4e8483c04fc9
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6e54ce7222580e4a214d1a9fc401257ee609a80b666226e2997e335eb7f2f95f
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2E4195762146A18AD720CF26E408BA977A1F788F99F184231EE8987B59DF7CD045CB20
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1433262949.00007FF60A4E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60A4E0000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff60a4e0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: fclose$clearerrferror$_wfopenfreadfwrite
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 4075948245-0
                                                                                                                                                                                                                                        • Opcode ID: 819110cec4600f44a1e8774aa165f8ab1b8e80c1e91a5f874bae018f87a8a279
                                                                                                                                                                                                                                        • Instruction ID: d0b592a23cdb23b107aae48a0676794357e45caaf99777d7b2fe8f2c54eb48f9
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 819110cec4600f44a1e8774aa165f8ab1b8e80c1e91a5f874bae018f87a8a279
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BF21F31AB4D25301FD29E622AE153F962810F46BD0E3821F9ED1EAB7C7EE2CA9014340
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1433262949.00007FF60A4E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60A4E0000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff60a4e0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: fwprintf$___lc_codepage_func___mb_cur_max_funcfputwcmemsetstrlen
                                                                                                                                                                                                                                        • String ID: %*.*S$%-*.*S$%.*S
                                                                                                                                                                                                                                        • API String ID: 1485978544-2115465065
                                                                                                                                                                                                                                        • Opcode ID: 5a4758fc2b7250ab57d84d915ac7ea9a8d289e4afafd195f03aed32c1a1e0ffa
                                                                                                                                                                                                                                        • Instruction ID: 9db1fee2920457d83f321cb5761c4392858f6ec77cccd6e1f2b2fb19392d1c09
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5a4758fc2b7250ab57d84d915ac7ea9a8d289e4afafd195f03aed32c1a1e0ffa
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2D810A7BB54B458AE750CF6AC8806AC77E0F748BD8B219569EE5C87B58DF78D400CB40
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1433262949.00007FF60A4E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60A4E0000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff60a4e0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: ByteCharMultiWide$calloc
                                                                                                                                                                                                                                        • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                                                                                                                                                                                                                                        • API String ID: 1374691127-27947307
                                                                                                                                                                                                                                        • Opcode ID: 610e830cc156b7b5144b5e984da796cd542280474a5d718d75e7e6b0456d95c9
                                                                                                                                                                                                                                        • Instruction ID: ee02104155687351956c9fb8aa7ccac4293dab5c9f20b2bdc27c4751ca28e837
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 610e830cc156b7b5144b5e984da796cd542280474a5d718d75e7e6b0456d95c9
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9321D77BB09B0284FE10DB65FC507766651AF843D8F6852B9EA4E8B6D5EFBCE1048700
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1433262949.00007FF60A4E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60A4E0000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff60a4e0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: ByteCharMultiWide$calloc
                                                                                                                                                                                                                                        • String ID: Failed to encode filename as ANSI.$Failed to get ANSI buffer size.$Out of memory.$WideCharToMultiByte$win32_wcs_to_mbs
                                                                                                                                                                                                                                        • API String ID: 1374691127-3831141058
                                                                                                                                                                                                                                        • Opcode ID: 3053fae4ff6c96a7205fc05c2f0ab597f00dd46bdd9511d4cab0f019121f0fe5
                                                                                                                                                                                                                                        • Instruction ID: a1c9a8060428f57b4986f3705a4294cb27ac2b72ede08bc51fe0355aa72b0d61
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3053fae4ff6c96a7205fc05c2f0ab597f00dd46bdd9511d4cab0f019121f0fe5
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8321AE37A0CA0684FB50DB69E8407AA6691AF487D8F6452B9E94DC62D5EFBCE1048700
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: _errnostrerror$_strdupcalloc
                                                                                                                                                                                                                                        • String ID: LOADER: failed to allocate argv_pyi: %s$LOADER: failed to strdup argv[%d]: %s
                                                                                                                                                                                                                                        • API String ID: 4278403329-2782260415
                                                                                                                                                                                                                                        • Opcode ID: d96aacef9ed84a949530d77edcfedc7950ec38b60155a97baa6cd5d3fb4306df
                                                                                                                                                                                                                                        • Instruction ID: 49e3009552adbe4c49b51b1eee763a044e98dce699abbf1ba501c8e1ad53f66b
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d96aacef9ed84a949530d77edcfedc7950ec38b60155a97baa6cd5d3fb4306df
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D4117C2BA09A028AFA15EB94E841AF93691BF49BD4F7455B8DD1DC2392FE7CB454C300
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: freestrlen
                                                                                                                                                                                                                                        • String ID: Failed to get _MEIPASS as PyObject.$Module object for %s is NULL!$_MEIPASS$_MEIPASS2$strict$utf-8
                                                                                                                                                                                                                                        • API String ID: 322734593-568040347
                                                                                                                                                                                                                                        • Opcode ID: a5cf2be722d84fc10180f0cf476f1804e4b747426b931160dd73358374bab8d8
                                                                                                                                                                                                                                        • Instruction ID: 8b806ea8f4955f84fb95709a0ad42a476107207ae54d566f1ee53a1d98d767b0
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a5cf2be722d84fc10180f0cf476f1804e4b747426b931160dd73358374bab8d8
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1641A22BB19E0681EE15DB26E8444B96360BF59FD4F6845B6ED0E873A0EF3CE445C300
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: ByteCharMultiWide
                                                                                                                                                                                                                                        • String ID: %s%c%s$\$_MEIPASS2$base_library.zip$lib-dynload
                                                                                                                                                                                                                                        • API String ID: 626452242-1997419384
                                                                                                                                                                                                                                        • Opcode ID: 96eac9c964f75bfd1bb261b00fe75da3a025126ccef3a6a625524ed71a1e8126
                                                                                                                                                                                                                                        • Instruction ID: 353ef3794bcad1c5b420f2a2e57c4d29bb5d74a211a076bceb600242bdf58c7f
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 96eac9c964f75bfd1bb261b00fe75da3a025126ccef3a6a625524ed71a1e8126
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6A319F27A48A8185E621CB54E8403EA6360FF84398F644376EE9D93BE5EF7CD145C740
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: ByteCharMultiWide$calloc
                                                                                                                                                                                                                                        • String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
                                                                                                                                                                                                                                        • API String ID: 1374691127-876015163
                                                                                                                                                                                                                                        • Opcode ID: 9bafd67a9e6ba27ecb336526dea89acf2ec330839c75d6e55779765ab19282cc
                                                                                                                                                                                                                                        • Instruction ID: eceb9906a15dac25b795140d9c72574255ab6078a0f9b17334c5307f423c3986
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9bafd67a9e6ba27ecb336526dea89acf2ec330839c75d6e55779765ab19282cc
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1411B76BF09A0384FE24DB65EC503B59291AF487D8FA855B9D90D8B6E6FF7CE5048300
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: free
                                                                                                                                                                                                                                        • String ID: _image_data$exit$rename ::source ::_source$source$tclInit$tcl_findLibrary
                                                                                                                                                                                                                                        • API String ID: 1294909896-1126984729
                                                                                                                                                                                                                                        • Opcode ID: d97ae4815509cc26e6e973629a1329cac86f451b544e01a121b7f206e9f1a56d
                                                                                                                                                                                                                                        • Instruction ID: 1d81b3b23b08b1cd89a723c5c5129cbb740458052ab02143e6e0f6b0387c58bb
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d97ae4815509cc26e6e973629a1329cac86f451b544e01a121b7f206e9f1a56d
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D071042BA08E4685EB11DF22E8547A93360FB49BC9F5441B2EE4E87764EF3CE509C341
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: strlen
                                                                                                                                                                                                                                        • String ID: %U?%llu$Failed to append PYZ entry to sys.path!$Installing PYZ: Could not get sys.path!$path$strict$utf-8
                                                                                                                                                                                                                                        • API String ID: 39653677-372213108
                                                                                                                                                                                                                                        • Opcode ID: d4f4f0bb41883a37b964850e9d6525e6c82bda7dc6b4eb7bef36193f41cd0a21
                                                                                                                                                                                                                                        • Instruction ID: 6afa5f6faf8a146de21f48f85a27d35767bb29ee9a0e858e332248b91e13f381
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d4f4f0bb41883a37b964850e9d6525e6c82bda7dc6b4eb7bef36193f41cd0a21
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 38113D6BF49A1A81EA11DB19E8404B97360BF45FD8B644276DD1E877B0EF3CE515C700
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: fwprintf$fputwc
                                                                                                                                                                                                                                        • String ID: %*.*s$%-*.*s$%.*s
                                                                                                                                                                                                                                        • API String ID: 2988249585-4054516066
                                                                                                                                                                                                                                        • Opcode ID: 780129500cc8eb22b3af81c7775783de4b986a6307f7fb092a662ca78920ec8f
                                                                                                                                                                                                                                        • Instruction ID: 99cb75f8b009380dd08ad1b2eb435cf08af49d67321cdaed952acaaf7261e553
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 780129500cc8eb22b3af81c7775783de4b986a6307f7fb092a662ca78920ec8f
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A971DC7BA04B89CADB50CF2AC8815AD77E0F748BD8B11956AEE5C87758DF38E510CB40
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: strlen$malloc
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 3157260142-0
                                                                                                                                                                                                                                        • Opcode ID: bebafa3fc507f9c40b8e2e1084042dec21c5cd6be2e2a9f71abb3c5bc8a466b7
                                                                                                                                                                                                                                        • Instruction ID: 43fdfa6bdd0646da0f05b47ff25aedf5278208106ab9412ee25609aa25f346a5
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bebafa3fc507f9c40b8e2e1084042dec21c5cd6be2e2a9f71abb3c5bc8a466b7
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2211820BB8E14204FD9AEA93D511BBB65C11F45BF4D2D59B4DD0DCB782FE2CA4428340
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: DialogLongWindow$InvalidateRect
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 1200242243-0
                                                                                                                                                                                                                                        • Opcode ID: 57b41cf59eeebec43940bf3f5d915734346139c7fb041d6f7fac98ec8a71f233
                                                                                                                                                                                                                                        • Instruction ID: e18c22b5c6133ca2f56856982464a83570eb41e33af85ea41c920b21115e75af
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 57b41cf59eeebec43940bf3f5d915734346139c7fb041d6f7fac98ec8a71f233
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9C018437F1C46641FE65EB29E8446F81189BF897D1F7448B0D90AC5AD9ACEC68C15300
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID: CCG
                                                                                                                                                                                                                                        • API String ID: 0-1584390748
                                                                                                                                                                                                                                        • Opcode ID: 0e3aed78a1e4c150b1ff523e32ba85c0a188e2a4dfc2739e81b31b52371fb521
                                                                                                                                                                                                                                        • Instruction ID: e2fa44a652ba362817f01da950e0829d8e0f79f8fdae18a8b8cb95cb56c3f1a4
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0e3aed78a1e4c150b1ff523e32ba85c0a188e2a4dfc2739e81b31b52371fb521
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2A411B7BE09A46DAFB20CB64D4453BC32A0BB05798F304AB5CA2DC77E5EE3CA5419741
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                          • Part of subcall function 00007FF60A4E9090: MultiByteToWideChar.KERNEL32(00007FF60A4E2E07,WideCharToMultiByte,?,Failed to get UTF-8 buffer size.,?,?,00007FF60A4E2FD0), ref: 00007FF60A4E90C6
                                                                                                                                                                                                                                        • MessageBoxW.USER32 ref: 00007FF60A4E2E28
                                                                                                                                                                                                                                        • MessageBoxA.USER32 ref: 00007FF60A4E2E4B
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1433262949.00007FF60A4E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60A4E0000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff60a4e0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                                                                        • String ID: Failed to get UTF-8 buffer size.$WideCharToMultiByte
                                                                                                                                                                                                                                        • API String ID: 1878133881-785100509
                                                                                                                                                                                                                                        • Opcode ID: 996ea42dbfbdc6150fb3e78afd1d99beba1d91d16d45c08ba1a9db144a0f4385
                                                                                                                                                                                                                                        • Instruction ID: 28e76d6aadf02cfbf41ec93a9188b83a557bea78a0d0f68dd305ca5ce40966b9
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 996ea42dbfbdc6150fb3e78afd1d99beba1d91d16d45c08ba1a9db144a0f4385
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D601FD6370429044FB229662ED09BFA41017B8AFE1F988074EF0D87BCAED3CD682C700
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1433262949.00007FF60A4E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60A4E0000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff60a4e0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: ByteCharFileModuleMultiNameWide
                                                                                                                                                                                                                                        • String ID: Failed to convert executable path to UTF-8.$Failed to get executable path.$GetModuleFileNameW
                                                                                                                                                                                                                                        • API String ID: 1532159127-1977442011
                                                                                                                                                                                                                                        • Opcode ID: a705923171a296baecb93f2081270a394e4d88c8d8c6dfbd024d0ef3db960c6d
                                                                                                                                                                                                                                        • Instruction ID: 2e9bc3cf3cd800ff6d8ab6126ae88f8b81ddc41d0ec8135c0bd2828f391437c2
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a705923171a296baecb93f2081270a394e4d88c8d8c6dfbd024d0ef3db960c6d
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 72F0AF5BF1C51385FE50D725EC153F50345AF057C0F6444B6E80EC66C6EE4DEA468300
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • calloc.MSVCRT ref: 00007FF60A4E51D1
                                                                                                                                                                                                                                          • Part of subcall function 00007FF60A4E9090: MultiByteToWideChar.KERNEL32(00007FF60A4E2E07,WideCharToMultiByte,?,Failed to get UTF-8 buffer size.,?,?,00007FF60A4E2FD0), ref: 00007FF60A4E90C6
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1433262949.00007FF60A4E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60A4E0000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff60a4e0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: ByteCharMultiWidecalloc
                                                                                                                                                                                                                                        • String ID: _MEIPASS2
                                                                                                                                                                                                                                        • API String ID: 2568606709-3944641314
                                                                                                                                                                                                                                        • Opcode ID: 153298e754a5da29828527c7272e57dc28a8d1b5d2e4a766274f553e5afb193d
                                                                                                                                                                                                                                        • Instruction ID: 4cbf16cd6d5699cc2acb89d57f1769e26c13f581731e2968c22dcf275cc864fd
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 153298e754a5da29828527c7272e57dc28a8d1b5d2e4a766274f553e5afb193d
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0721A567A09A0A86FA14DB69DC802B97250FF497E5F7493B6DE2DC27D1EE78E010C701
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1433262949.00007FF60A4E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60A4E0000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff60a4e0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: free$ByteCharMultiWide
                                                                                                                                                                                                                                        • String ID: Failed to obtain/convert traceback!
                                                                                                                                                                                                                                        • API String ID: 3219091393-982972847
                                                                                                                                                                                                                                        • Opcode ID: 9418ccf11d311c357f2c0b44d681edf2e8f7f8742d0759f808d0dfda2e738276
                                                                                                                                                                                                                                        • Instruction ID: b62657b13148e587912907acaa676985e919481ad9525dd36a2ffe23041e8953
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9418ccf11d311c357f2c0b44d681edf2e8f7f8742d0759f808d0dfda2e738276
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E701F74BB5916505FD1DE5B299217FA91844F44FC0E6C5878EE0ECBB83FD0CE4024700
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1433262949.00007FF60A4E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60A4E0000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff60a4e0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: fprintf
                                                                                                                                                                                                                                        • String ID: Unknown error$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                                                                                                                                                        • API String ID: 383729395-3474627141
                                                                                                                                                                                                                                        • Opcode ID: 20dae29a08e59d28e827f7f7a2a2eda8259e4d1817ef6dbd98be60ed78e0c5d9
                                                                                                                                                                                                                                        • Instruction ID: 89d44ffc6f9d0e8d2066484b2464f308e65d91045c4a807ab721631545f2274b
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 20dae29a08e59d28e827f7f7a2a2eda8259e4d1817ef6dbd98be60ed78e0c5d9
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E7215B26A04FC49AEB128F68D8413EA7375FF59798F445622EE8C57768EF38D245C300
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Message_errno
                                                                                                                                                                                                                                        • String ID: %s%s: %s$Fatal error detected
                                                                                                                                                                                                                                        • API String ID: 1796756983-2410924014
                                                                                                                                                                                                                                        • Opcode ID: 89ab3f84670d69496295afaeef3f91396c60eac41d8d5ed9af97d336e694a63d
                                                                                                                                                                                                                                        • Instruction ID: f29fc463882ccd8902460b83a9994f5c1705c6fa36ed4e083e6b770a14ab5d67
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 89ab3f84670d69496295afaeef3f91396c60eac41d8d5ed9af97d336e694a63d
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8E01A22761C78081F620EB11F8007EA63A8FB897C0FA04135EF8C53B998E3CD246CB40
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: fprintf
                                                                                                                                                                                                                                        • String ID: Argument domain error (DOMAIN)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                                                                                                                                                        • API String ID: 383729395-2713391170
                                                                                                                                                                                                                                        • Opcode ID: 06bf403f4c0a9af45a90ca5965f87b6ee5c3a6750db8dc5ebbd969be290419dd
                                                                                                                                                                                                                                        • Instruction ID: 4806a8365e04f48271eb15a68bb6e00393478fd80e0e7dadd6d72d57dfd952bd
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 06bf403f4c0a9af45a90ca5965f87b6ee5c3a6750db8dc5ebbd969be290419dd
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CC014827A04F888AD7018F69D8402AA7764FB4EBD8F044766EE8D27769DF28C144C300
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: fprintf
                                                                                                                                                                                                                                        • String ID: Partial loss of significance (PLOSS)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                                                                                                                                                        • API String ID: 383729395-4283191376
                                                                                                                                                                                                                                        • Opcode ID: 1dadd9d91598fd59cd3ee44cef548247d0e8863d0b21ccbc5bbcccc010ffab5c
                                                                                                                                                                                                                                        • Instruction ID: 84aaf290c8f9a83c96fce615d444a211bef5cf56b3a9ee7af4ce1ccff1b058a9
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1dadd9d91598fd59cd3ee44cef548247d0e8863d0b21ccbc5bbcccc010ffab5c
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 24014827A04F888AD7018F69D8402AA7764FB4DB98F044766EE8D27769DF28C144C300
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: fprintf
                                                                                                                                                                                                                                        • String ID: Overflow range error (OVERFLOW)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                                                                                                                                                        • API String ID: 383729395-4064033741
                                                                                                                                                                                                                                        • Opcode ID: fc72b1ca348bb75ea9640cba4845ceefab8200df23c4986763f386d421d396ac
                                                                                                                                                                                                                                        • Instruction ID: 52c7c3c0a959be4563893880c8ec4f39036392ebf66e34653df6dac19e79e872
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fc72b1ca348bb75ea9640cba4845ceefab8200df23c4986763f386d421d396ac
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C3014827A04F888AD7018F69D8402AA7764FB4DBD8F044766EE8D27769DF28C184C300
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: fprintf
                                                                                                                                                                                                                                        • String ID: Argument singularity (SIGN)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                                                                                                                                                        • API String ID: 383729395-2468659920
                                                                                                                                                                                                                                        • Opcode ID: ec9f448085d72bf13c83586b7c52257c26f7af234c67fb9552149ff3dd26a3a7
                                                                                                                                                                                                                                        • Instruction ID: 126bf55f6a92db8899802d72235e739d1cecb34d871d3f76eb796888a0fd1949
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ec9f448085d72bf13c83586b7c52257c26f7af234c67fb9552149ff3dd26a3a7
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8A015A27A04F888AD701CF69D8402AA7774FB4DBD8F044766EE8D2B769DF28C144C300
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: fprintf
                                                                                                                                                                                                                                        • String ID: The result is too small to be represented (UNDERFLOW)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                                                                                                                                                        • API String ID: 383729395-2187435201
                                                                                                                                                                                                                                        • Opcode ID: 81b53d873045e560598026d8c864cfe1e58fa63b90fba301861682825eddf50a
                                                                                                                                                                                                                                        • Instruction ID: cc1f563fcd289137c7ee7c741359bfac187a3d4e052d93906559e648d2fb7911
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 81b53d873045e560598026d8c864cfe1e58fa63b90fba301861682825eddf50a
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BB014827A04F888AD7018F69D8402AA7764FB4DB99F044766EE8D27769DF28C144C300
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: fprintf
                                                                                                                                                                                                                                        • String ID: Total loss of significance (TLOSS)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                                                                                                                                                        • API String ID: 383729395-4273532761
                                                                                                                                                                                                                                        • Opcode ID: baefd7cba75bd780381bd2d5fed287ff04b74d7fa079984f5394eb8e5ce75d69
                                                                                                                                                                                                                                        • Instruction ID: 4a70d5598e5329a65c643ed4d30ad0311294f118bc4393b98100bc2dc2075608
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: baefd7cba75bd780381bd2d5fed287ff04b74d7fa079984f5394eb8e5ce75d69
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4F015A27A04F888AD701CF69D8402AA7774FB4DBD8F044766EE8D27769DF28C184C300
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: free
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 1294909896-0
                                                                                                                                                                                                                                        • Opcode ID: 9c4186f722e86582c3b1398c543642522ac53436e10a90fe38125ad0e5a34d3b
                                                                                                                                                                                                                                        • Instruction ID: e28b4db0a632f7f51d81a7a4d4837e1fe39308d1112cbd5577e4bc180300f486
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9c4186f722e86582c3b1398c543642522ac53436e10a90fe38125ad0e5a34d3b
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DB015E2BE8951182EB64DB76E4412A933A0FF88F94F266A75DE0D93346DD24DC81CB80
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: free
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 1294909896-0
                                                                                                                                                                                                                                        • Opcode ID: 17bb4e15e412b02df2bc7990f2a8c6dca0a60341a4ea025c79cb532fcc6a30aa
                                                                                                                                                                                                                                        • Instruction ID: bdc23b5639d1aade6c5fd95bc78ee05847d764a38f756b72d0718d8c71112b61
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 17bb4e15e412b02df2bc7990f2a8c6dca0a60341a4ea025c79cb532fcc6a30aa
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5EF08C1FA8A50244FD2DEBA1F4103B972509F80BE0F2668B4CB4E976829E2CA4428700

                                                                                                                                                                                                                                        Execution Graph

                                                                                                                                                                                                                                        Execution Coverage:2.7%
                                                                                                                                                                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                        Signature Coverage:0.7%
                                                                                                                                                                                                                                        Total number of Nodes:962
                                                                                                                                                                                                                                        Total number of Limit Nodes:86
30412->30413 30412->30424 30414 7ffb1c4fd99f PyDict_SetItemString 30413->30414 30413->30424 30415 7ffb1c4fd9bf PyType_Ready 30414->30415 30414->30424 30416 7ffb1c4fd9d5 PyDict_SetItemString 30415->30416 30415->30424 30417 7ffb1c4fd9f5 PyType_Ready 30416->30417 30416->30424 30418 7ffb1c4fda0b PyDict_SetItemString 30417->30418 30417->30424 30419 7ffb1c4fda2b PyType_Ready 30418->30419 30418->30424 30420 7ffb1c4fda41 PyDict_SetItemString 30419->30420 30419->30424 30421 7ffb1c4fda5d PyDict_SetItemString 30420->30421 30420->30424 30422 7ffb1c4fda79 PyType_Ready 30421->30422 30421->30424 30423 7ffb1c4fda8b PyDict_SetItemString 30422->30423 30422->30424 30423->30424 30426 7ffb1c4fd3b4 LocalAlloc 30425->30426 30427 7ffb1c4fd37e PyThreadState_Swap 30425->30427 30430 7ffb1c4fd3e4 TlsSetValue PyThreadState_Swap PyThreadState_Swap 30426->30430 30431 7ffb1c4fd3cf _Py_FatalErrorFunc 30426->30431 30428 7ffb1c4fd3a3 PyThreadState_Swap 30427->30428 30429 7ffb1c4fd38e _Py_FatalErrorFunc 30427->30429 30428->30426 30429->30428 30432 7ffb1c4fd421 PyDict_New 30430->30432 30433 7ffb1c4fd57d PyType_Ready 30430->30433 30431->30430 30434 7ffb1c4fd42f PyUnicode_DecodeMBCS 30432->30434 30460 7ffb1c4fd45f 30432->30460 30435 7ffb1c4fd593 PyType_Ready 30433->30435 30433->30460 30437 7ffb1c4fd473 PyDict_SetItemString PyDict_SetItemString 30434->30437 30438 7ffb1c4fd450 30434->30438 30436 7ffb1c4fd5a9 PyType_Ready 30435->30436 30435->30460 30441 7ffb1c4fd5bf PyType_Ready 30436->30441 30436->30460 30439 7ffb1c4fd4a6 _Py_Dealloc 30437->30439 30440 7ffb1c4fd4af PyImport_ImportModule 30437->30440 30442 7ffb1c4fd456 _Py_Dealloc 30438->30442 30438->30460 30439->30440 30443 7ffb1c4fd4c4 PyDict_SetItemString 30440->30443 30440->30460 30444 7ffb1c4fd5d5 PyType_Ready 30441->30444 30441->30460 30442->30460 30445 7ffb1c4fd4e9 30443->30445 30443->30460 30446 7ffb1c4fd5eb PyType_Ready 30444->30446 30444->30460 30447 7ffb1c4fd4f7 PyRun_StringFlags 30445->30447 30448 7ffb1c4fd4ee _Py_Dealloc 30445->30448 30449 
7ffb1c4fd601 PyType_Ready 30446->30449 30446->30460 30451 7ffb1c4fd521 30447->30451 30447->30460 30448->30447 30450 7ffb1c4fd617 PyType_Ready 30449->30450 30449->30460 30452 7ffb1c4fd62d PyType_Ready 30450->30452 30450->30460 30453 7ffb1c4fd527 _Py_Dealloc 30451->30453 30454 7ffb1c4fd530 PyDict_GetItemString 30451->30454 30455 7ffb1c4fd643 PyCapsule_Import 30452->30455 30452->30460 30453->30454 30456 7ffb1c4fd54f PyDict_GetItemString 30454->30456 30457 7ffb1c4fd54c 30454->30457 30458 7ffb1c4fd662 PyType_Ready 30455->30458 30455->30460 30459 7ffb1c4fd56b 30456->30459 30457->30456 30458->30460 30459->30433 30461 7ffb1c4fd574 _Py_Dealloc 30459->30461 30460->30395 30460->30424 30461->30433 30462 7ffb1c2e4eac 30463 7ffb1c2e4ee6 30462->30463 30464 7ffb1c2e4f07 _PyArg_UnpackKeywords 30463->30464 30465 7ffb1c2e4f4e 30463->30465 30464->30465 30466 7ffb1c2e4fe4 30464->30466 30468 7ffb1c2e4f73 30465->30468 30469 7ffb1c2e4f5b _PyLong_AsInt 30465->30469 30477 7ffb1c2e4fc2 30465->30477 30514 7ffb1c2e2280 8 API calls 2 library calls 30466->30514 30473 7ffb1c2e4f9a 30468->30473 30474 7ffb1c2e4f82 _PyLong_AsInt 30468->30474 30468->30477 30469->30468 30471 7ffb1c2e4f68 PyErr_Occurred 30469->30471 30471->30466 30471->30468 30472 7ffb1c2e4ff8 30476 7ffb1c2e4fa9 _PyLong_AsInt 30473->30476 30473->30477 30474->30473 30475 7ffb1c2e4f8f PyErr_Occurred 30474->30475 30475->30466 30475->30473 30476->30477 30478 7ffb1c2e4fb7 PyErr_Occurred 30476->30478 30479 7ffb1c2e500c 30477->30479 30478->30466 30478->30477 30480 7ffb1c2e5048 30479->30480 30481 7ffb1c2e5054 PySys_Audit 30479->30481 30480->30481 30482 7ffb1c2e5094 30480->30482 30483 7ffb1c2e507b 30481->30483 30510 7ffb1c2e50cf 30481->30510 30485 7ffb1c2e50a8 30482->30485 30486 7ffb1c2e5283 PyLong_AsLongLong 30482->30486 30483->30482 30484 7ffb1c2e535b PyEval_SaveThread 30483->30484 30490 7ffb1c2e539a WSASocketW 30484->30490 30491 7ffb1c2e53c5 socket 30484->30491 30492 7ffb1c2e50f6 PySys_Audit 30485->30492 30493 7ffb1c2e50b2 PyErr_Format 
30485->30493 30487 7ffb1c2e5295 PyErr_Occurred 30486->30487 30488 7ffb1c2e52c0 memset getsockname 30486->30488 30494 7ffb1c2e52a4 PyErr_SetString 30487->30494 30487->30510 30496 7ffb1c2e52f1 30488->30496 30497 7ffb1c2e52fd 30488->30497 30498 7ffb1c2e53b8 30490->30498 30499 7ffb1c2e53ce PyEval_RestoreThread 30490->30499 30491->30499 30505 7ffb1c2e51d3 PyEval_SaveThread WSASocketW PyEval_RestoreThread 30492->30505 30492->30510 30493->30510 30494->30510 30495 7ffb1c2e50e4 30495->30466 30507 7ffb1c2e531c getsockopt 30496->30507 30509 7ffb1c2e521e 30496->30509 30500 7ffb1c2e5214 30497->30500 30503 7ffb1c2e5306 WSAGetLastError 30497->30503 30498->30491 30499->30500 30501 7ffb1c2e53e1 30499->30501 30516 7ffb1c2e4008 WSAGetLastError PyErr_SetExcFromWindowsErr PyErr_SetFromErrno 30500->30516 30504 7ffb1c2e53f1 SetHandleInformation 30501->30504 30501->30509 30503->30496 30503->30500 30508 7ffb1c2e5409 closesocket PyErr_SetFromWindowsErr 30504->30508 30504->30509 30505->30500 30505->30509 30507->30500 30507->30509 30508->30510 30509->30510 30517 7ffb1c2e3cc4 PyEval_SaveThread ioctlsocket 30509->30517 30515 7ffb1c2e2280 8 API calls 2 library calls 30510->30515 30513 7ffb1c2e5275 closesocket 30513->30510 30514->30472 30515->30495 30516->30510 30518 7ffb1c2e3d0a PyEval_RestoreThread 30517->30518 30519 7ffb1c2e3d14 PyEval_RestoreThread WSAGetLastError PyErr_SetExcFromWindowsErr 30517->30519 30520 7ffb1c2e3d37 30518->30520 30519->30520 30520->30510 30520->30513 30521 7ffb1c2e45e8 30522 7ffb1c2e3588 34 API calls 30521->30522 30523 7ffb1c2e4628 30522->30523 30524 7ffb1c2e462c PySys_Audit 30523->30524 30526 7ffb1c2e4686 30523->30526 30525 7ffb1c2e464a PyEval_SaveThread bind PyEval_RestoreThread 30524->30525 30524->30526 30525->30526 30529 7ffb1c2e2280 8 API calls 2 library calls 30526->30529 30528 7ffb1c2e46a9 30529->30528 30530 7ffb0be47ebc 30532 7ffb0be47ee8 30530->30532 30531 7ffb0be47f12 _PyArg_UnpackKeywords 30534 7ffb0be47f4f 30531->30534 30537 7ffb0be47f90 30531->30537 
30532->30531 30532->30534 30538 7ffb0be47fb0 _errno 30534->30538 30535 7ffb0be47fa3 30572 7ffb0be42590 8 API calls 2 library calls 30537->30572 30539 7ffb0be4803f PyUnicode_FSConverter 30538->30539 30540 7ffb0be48015 30538->30540 30539->30540 30543 7ffb0be48050 PyErr_ExceptionMatches 30539->30543 30541 7ffb0be48076 PyUnicode_FSConverter 30540->30541 30542 7ffb0be4801a 30540->30542 30541->30542 30544 7ffb0be48087 PyErr_ExceptionMatches 30541->30544 30546 7ffb0be48023 30542->30546 30547 7ffb0be48116 30542->30547 30548 7ffb0be480c0 PyUnicode_AsASCIIString 30542->30548 30549 7ffb0be4813a PyObject_CheckBuffer 30542->30549 30545 7ffb0be4822c 30543->30545 30543->30546 30544->30545 30544->30546 30552 7ffb0be48244 30545->30552 30556 7ffb0be4823e _Py_Dealloc 30545->30556 30550 7ffb0be4802a PyErr_SetString 30546->30550 30547->30545 30559 7ffb0be481ca PyEval_SaveThread SSL_CTX_load_verify_locations PyEval_RestoreThread 30547->30559 30553 7ffb0be480f2 30548->30553 30554 7ffb0be480ce PyErr_ExceptionMatches 30548->30554 30549->30546 30551 7ffb0be48144 PyObject_GetBuffer 30549->30551 30550->30545 30551->30545 30555 7ffb0be4815c PyBuffer_IsContiguous 30551->30555 30557 7ffb0be48259 30552->30557 30562 7ffb0be48253 _Py_Dealloc 30552->30562 30573 7ffb0be449b4 45 API calls 30553->30573 30554->30545 30554->30546 30560 7ffb0be4819f PyBuffer_Release 30555->30560 30561 7ffb0be4816c 30555->30561 30556->30552 30557->30537 30559->30545 30564 7ffb0be481f3 _errno 30559->30564 30560->30550 30561->30560 30565 7ffb0be48172 30561->30565 30562->30557 30563 7ffb0be48105 30563->30547 30566 7ffb0be4810d _Py_Dealloc 30563->30566 30567 7ffb0be481fe ERR_clear_error PyErr_SetFromErrno 30564->30567 30568 7ffb0be48216 30564->30568 30574 7ffb0be449b4 45 API calls 30565->30574 30566->30547 30567->30545 30575 7ffb0be46120 31 API calls 30568->30575 30571 7ffb0be48188 PyBuffer_Release 30571->30545 30571->30547 30572->30535 30573->30563 30574->30571 30575->30545 30576 7ffb1c2e6384 30581 7ffb1c2e7964 30576->30581 
30579 7ffb1c2e63b4 30580 7ffb1c2e3cc4 6 API calls 30580->30579 30582 7ffb1c2e7976 _PyTime_FromSeconds 30581->30582 30583 7ffb1c2e798c _PyTime_FromSecondsObject 30581->30583 30585 7ffb1c2e6397 30582->30585 30584 7ffb1c2e799c 30583->30584 30583->30585 30586 7ffb1c2e79a4 PyErr_SetString 30584->30586 30587 7ffb1c2e79c2 _PyTime_AsTimeval _PyTime_AsMilliseconds 30584->30587 30585->30579 30585->30580 30586->30585 30587->30585 30588 7ffb1c2e7a0e PyErr_SetString 30587->30588 30588->30585 30589 7ffb1c2e4864 30590 7ffb1c2e487b PyEval_SaveThread closesocket PyEval_RestoreThread 30589->30590 30591 7ffb1c2e48b9 30589->30591 30590->30591 30592 7ffb1c2e48ae _errno 30590->30592 30592->30591 30593 7ff60a4e37e0 30594 7ff60a4e37f6 30593->30594 30595 7ff60a4e3a51 30594->30595 30596 7ff60a4e381c 30594->30596 30654 7ff60a4e2e60 10 API calls 30595->30654 30598 7ff60a4e3a5d 30596->30598 30605 7ff60a4e3834 30596->30605 30655 7ff60a4e2e60 10 API calls 30598->30655 30602 7ff60a4e3946 30650 7ff60a4e2e60 10 API calls 30602->30650 30604 7ff60a4e3ba8 30605->30602 30606 7ff60a4e3959 30605->30606 30608 7ff60a4e3930 30605->30608 30609 7ff60a4e3921 free 30605->30609 30611 7ff60a4e3973 30605->30611 30621 7ff60a4e1b30 30605->30621 30647 7ff60a4e3240 30605->30647 30651 7ff60a4e2e60 10 API calls 30606->30651 30609->30605 30610 7ff60a4e3a6e 30610->30604 30615 7ff60a4e3b9d _strdup 30610->30615 30612 7ff60a4e39cb _strdup 30611->30612 30613 7ff60a4e39d6 30611->30613 30612->30613 30652 7ff60a4e2240 strlen strncmp 30613->30652 30615->30604 30616 7ff60a4e39f1 30616->30610 30617 7ff60a4e39f9 _strdup 30616->30617 30618 7ff60a4e3a20 30617->30618 30653 7ff60a4e2cc0 28 API calls 30618->30653 30620 7ff60a4e3a37 free free 30620->30608 30656 7ff60a4e4650 30621->30656 30623 7ff60a4e1b52 30624 7ff60a4e1b5e 30623->30624 30625 7ff60a4e1c60 30623->30625 30662 7ff60a4f0020 30624->30662 30690 7ff60a4e2e60 10 API calls 30625->30690 30628 7ff60a4e1c08 30628->30605 30630 7ff60a4e1c40 30689 7ff60a4e2fe0 11 API calls 30630->30689 
30631 7ff60a4e1b78 malloc 30633 7ff60a4e1b91 30631->30633 30634 7ff60a4e1c76 30631->30634 30635 7ff60a4e1c20 30633->30635 30636 7ff60a4e1b9d 30633->30636 30691 7ff60a4e2fe0 11 API calls 30634->30691 30665 7ff60a4e1710 30635->30665 30638 7ff60a4e1ba5 30636->30638 30639 7ff60a4e1bb8 fread 30636->30639 30641 7ff60a4e1c00 fclose 30638->30641 30642 7ff60a4e1bb0 30639->30642 30643 7ff60a4e1bdd 30639->30643 30641->30628 30642->30639 30642->30641 30688 7ff60a4e2fe0 11 API calls 30643->30688 30644 7ff60a4e1c31 30644->30641 30646 7ff60a4e1bf5 free 30644->30646 30646->30638 30722 7ff60a4f01e0 30647->30722 30650->30608 30651->30608 30652->30616 30653->30620 30654->30598 30655->30610 30657 7ff60a4e465d 30656->30657 30692 7ff60a4e9090 30657->30692 30660 7ff60a4e9090 10 API calls 30661 7ff60a4e468f _wfopen 30660->30661 30661->30623 30708 7ff60a4f0060 30662->30708 30714 7ff60a4ea920 30665->30714 30667 7ff60a4e1779 30668 7ff60a4e1783 malloc 30667->30668 30669 7ff60a4e1a58 30667->30669 30670 7ff60a4e1aaf 30668->30670 30671 7ff60a4e1799 malloc 30668->30671 30719 7ff60a4e2e60 10 API calls 30669->30719 30721 7ff60a4e2fe0 11 API calls 30670->30721 30674 7ff60a4e17af 30671->30674 30675 7ff60a4e1a98 30671->30675 30676 7ff60a4e17d5 fread 30674->30676 30720 7ff60a4e2fe0 11 API calls 30675->30720 30678 7ff60a4e17fd ferror 30676->30678 30683 7ff60a4e1854 30676->30683 30682 7ff60a4e180d 30678->30682 30678->30683 30680 7ff60a4e1ad0 30681 7ff60a4e1892 30685 7ff60a4e189f free free 30681->30685 30682->30676 30682->30680 30682->30683 30684 7ff60a4e18e7 fwrite 30682->30684 30683->30681 30718 7ff60a4e2e60 10 API calls 30683->30718 30684->30683 30686 7ff60a4e190f ferror 30684->30686 30685->30644 30686->30683 30687 7ff60a4e1924 30686->30687 30687->30682 30688->30646 30689->30638 30690->30628 30691->30638 30693 7ff60a4e90a3 30692->30693 30694 7ff60a4e90e0 MultiByteToWideChar 30692->30694 30697 7ff60a4e90ad MultiByteToWideChar 30693->30697 30695 7ff60a4e9115 calloc 30694->30695 30696 7ff60a4e9168 
30694->30696 30695->30697 30698 7ff60a4e912b 30695->30698 30707 7ff60a4e2f40 10 API calls 30696->30707 30700 7ff60a4e9148 30697->30700 30703 7ff60a4e467e 30697->30703 30705 7ff60a4e2f40 10 API calls 30698->30705 30706 7ff60a4e2f40 10 API calls 30700->30706 30703->30660 30704 7ff60a4e9140 30704->30703 30705->30704 30706->30703 30707->30703 30709 7ff60a4f00a6 30708->30709 30713 7ff60a4f007a 30708->30713 30710 7ff60a4f00e8 _errno 30709->30710 30709->30713 30712 7ff60a4e1b70 30710->30712 30711 7ff60a4f00fa fsetpos 30711->30712 30712->30630 30712->30631 30713->30711 30713->30712 30716 7ff60a4ea830 30714->30716 30715 7ff60a4ea87e malloc 30717 7ff60a4ea893 30715->30717 30716->30715 30716->30717 30717->30667 30718->30681 30719->30682 30720->30670 30721->30670 30723 7ff60a4f0202 30722->30723 30724 7ff60a4f022b 30722->30724 30728 7ff60a4f22d2 fputc 30723->30728 30729 7ff60a4f22d2 fputc 30724->30729 30727 7ff60a4e325d 30727->30605 30728->30727 30729->30727 30730 7ffb1c2e6200 _PyArg_ParseTuple_SizeT 30731 7ffb1c2e6267 PyErr_Clear _PyArg_ParseTuple_SizeT 30730->30731 30732 7ffb1c2e623a setsockopt 30730->30732 30731->30732 30734 7ffb1c2e62c2 PyErr_Clear _PyArg_ParseTuple_SizeT 30731->30734 30738 7ffb1c2e632b 30732->30738 30735 7ffb1c2e62f6 30734->30735 30734->30738 30736 7ffb1c2e6303 PyBuffer_Release PyErr_Format 30735->30736 30737 7ffb1c2e632f setsockopt PyBuffer_Release 30735->30737 30736->30738 30737->30738 30739 7ffb1c2e1060 WSAStartup 30740 7ffb1c2e3108 30739->30740 30741 7ffb1c2e10b0 Py_AtExit 30739->30741 30744 7ffb1c2e313c PyErr_SetString 30740->30744 30748 7ffb1c2e311c PyErr_Format 30740->30748 30742 7ffb1c2e1159 PyModule_Create2 30741->30742 30743 7ffb1c2e10d1 30741->30743 30746 7ffb1c2e1185 PyModule_AddObject PyErr_NewException 30742->30746 30747 7ffb1c2e216b 30742->30747 30749 7ffb1c2e10f0 VerSetConditionMask VerSetConditionMask VerSetConditionMask VerifyVersionInfoW 30743->30749 30751 7ffb1c2e3162 PyErr_NoMemory 30744->30751 30746->30747 30750 7ffb1c2e11cf 
PyModule_AddObject PyErr_NewException 30746->30750 30776 7ffb1c2e2280 8 API calls 2 library calls 30747->30776 30748->30744 30749->30742 30750->30747 30753 7ffb1c2e120f PyModule_AddObject PyModule_AddObjectRef PyModule_AddObject 30750->30753 30751->30747 30765 7ffb1c2e3171 30751->30765 30753->30747 30755 7ffb1c2e1268 PyModule_AddObject 30753->30755 30754 7ffb1c2e217d 30755->30747 30757 7ffb1c2e128a PyModule_AddObject PyMem_Malloc 30755->30757 30756 7ffb1c2e322a _Py_Dealloc 30756->30747 30757->30751 30758 7ffb1c2e12bb PyCapsule_New 30757->30758 30759 7ffb1c2e130a PyModule_AddObject 30758->30759 30760 7ffb1c2e3176 30758->30760 30761 7ffb1c2e1325 150 API calls 30759->30761 30762 7ffb1c2e318c 30759->30762 30777 7ffb1c2e4b80 _Py_Dealloc _Py_Dealloc _Py_Dealloc PyMem_Free 30760->30777 30764 7ffb1c2e2037 PyLong_FromUnsignedLong 30761->30764 30762->30765 30766 7ffb1c2e3191 _Py_Dealloc 30762->30766 30764->30747 30767 7ffb1c2e2048 PyModule_AddObject 30764->30767 30765->30747 30765->30756 30766->30765 30767->30764 30768 7ffb1c2e2066 PyModule_AddIntConstant PyModule_AddIntConstant PyModule_AddIntConstant PyModule_AddIntConstant PyModule_GetDict 30767->30768 30768->30765 30769 7ffb1c2e20cd VerSetConditionMask VerSetConditionMask VerSetConditionMask 30768->30769 30770 7ffb1c2e214a VerifyVersionInfoA 30769->30770 30770->30747 30771 7ffb1c2e31a8 PyUnicode_FromString 30770->30771 30771->30765 30772 7ffb1c2e31c8 _PyDict_Pop 30771->30772 30773 7ffb1c2e31e5 _Py_Dealloc 30772->30773 30774 7ffb1c2e31ee 30772->30774 30773->30774 30774->30765 30774->30770 30775 7ffb1c2e31fa _Py_Dealloc 30774->30775 30775->30774 30776->30754 30778 7ffb1c2e6660 _PyArg_ParseTupleAndKeywords_SizeT 30779 7ffb1c2e6700 30778->30779 30808 7ffb1c2e696a 30778->30808 30780 7ffb1c2e6744 30779->30780 30781 7ffb1c2e6722 PyUnicode_AsEncodedString 30779->30781 30783 7ffb1c2e670d 30779->30783 30784 7ffb1c2e69ca PyErr_SetString 30780->30784 30785 7ffb1c2e674e PyBytes_AsString 30780->30785 30781->30783 30781->30808 30787 
7ffb1c2e67b2 30783->30787 30788 7ffb1c2e676c PyLong_AsLong 30783->30788 30784->30808 30785->30783 30786 7ffb1c2e69ef 30791 7ffb1c2e67be PyUnicode_AsUTF8 30787->30791 30792 7ffb1c2e67dd 30787->30792 30789 7ffb1c2e677c PyErr_Occurred 30788->30789 30790 7ffb1c2e678b PyOS_snprintf 30788->30790 30789->30790 30803 7ffb1c2e6885 30789->30803 30793 7ffb1c2e67f6 PySys_Audit 30790->30793 30794 7ffb1c2e67d3 30791->30794 30791->30803 30792->30793 30792->30794 30797 7ffb1c2e698e PyErr_SetString 30792->30797 30795 7ffb1c2e682a PyEval_SaveThread getaddrinfo PyEval_RestoreThread 30793->30795 30793->30808 30794->30793 30798 7ffb1c2e688a PyList_New 30795->30798 30799 7ffb1c2e687e 30795->30799 30796 7ffb1c2e69b9 30801 7ffb1c2e69c2 freeaddrinfo 30796->30801 30796->30808 30797->30803 30798->30803 30816 7ffb1c2e689e 30798->30816 30819 7ffb1c2e403c _Py_BuildValue_SizeT PyErr_SetObject _Py_Dealloc 30799->30819 30800 7ffb1c2e69b0 _Py_Dealloc 30800->30796 30801->30808 30803->30796 30803->30800 30804 7ffb1c2e6947 30805 7ffb1c2e695b 30804->30805 30807 7ffb1c2e6952 _Py_Dealloc 30804->30807 30805->30808 30809 7ffb1c2e6964 freeaddrinfo 30805->30809 30807->30805 30821 7ffb1c2e2280 8 API calls 2 library calls 30808->30821 30809->30808 30810 7ffb1c2e68c8 _Py_BuildValue_SizeT 30813 7ffb1c2e6905 _Py_Dealloc 30810->30813 30810->30816 30811 7ffb1c2e697d 30811->30803 30812 7ffb1c2e6983 _Py_Dealloc 30811->30812 30812->30803 30813->30816 30814 7ffb1c2e6913 PyList_Append 30815 7ffb1c2e696f 30814->30815 30814->30816 30815->30811 30817 7ffb1c2e6974 _Py_Dealloc 30815->30817 30816->30804 30816->30810 30816->30811 30816->30814 30818 7ffb1c2e6931 _Py_Dealloc 30816->30818 30820 7ffb1c2e3ea0 25 API calls 30816->30820 30817->30811 30818->30816 30819->30803 30820->30816 30821->30786 30822 7ffb0be46b64 PyType_GetModuleByDef PyModule_GetState 30823 7ffb0be46b9e PyType_GetModuleByDef PyModule_GetState 30822->30823 30824 7ffb0be46bca 30822->30824 30823->30824 30825 7ffb0be46be3 30823->30825 30824->30825 30826 
7ffb0be46bcf _PyArg_NoKeywords 30824->30826 30827 7ffb0be46bf2 _PyArg_CheckPositional 30825->30827 30828 7ffb0be46c06 _PyLong_AsInt 30825->30828 30826->30825 30832 7ffb0be46c2c 30826->30832 30827->30828 30827->30832 30829 7ffb0be46c22 30828->30829 30830 7ffb0be46c17 PyErr_Occurred 30828->30830 30833 7ffb0be4760c PyType_GetModuleByDef 30829->30833 30830->30829 30830->30832 30834 7ffb0be4763e PyErr_SetString 30833->30834 30835 7ffb0be47670 30833->30835 30841 7ffb0be47655 30834->30841 30836 7ffb0be4767f 30835->30836 30837 7ffb0be47733 PyErr_WarnEx 30835->30837 30838 7ffb0be47708 PyErr_WarnEx 30836->30838 30839 7ffb0be47688 30836->30839 30840 7ffb0be47756 TLS_method 30837->30840 30837->30841 30838->30841 30844 7ffb0be4772b TLSv1_method 30838->30844 30842 7ffb0be476dd PyErr_WarnEx 30839->30842 30843 7ffb0be4768d 30839->30843 30845 7ffb0be4775c 30840->30845 30841->30832 30842->30841 30850 7ffb0be47700 TLSv1_1_method 30842->30850 30848 7ffb0be47692 30843->30848 30849 7ffb0be476b6 PyErr_WarnEx 30843->30849 30844->30845 30846 7ffb0be47764 PyErr_Format 30845->30846 30847 7ffb0be47783 PyEval_SaveThread SSL_CTX_new PyEval_RestoreThread 30845->30847 30846->30841 30851 7ffb0be477a6 PyModule_GetState 30847->30851 30852 7ffb0be477c9 30847->30852 30853 7ffb0be476ab TLS_client_method 30848->30853 30854 7ffb0be47697 30848->30854 30849->30841 30855 7ffb0be476d5 TLSv1_2_method 30849->30855 30850->30845 30878 7ffb0be46120 31 API calls 30851->30878 30858 7ffb0be477dd SSL_CTX_free 30852->30858 30859 7ffb0be477eb PyModule_GetState 30852->30859 30853->30845 30854->30846 30857 7ffb0be476a0 TLS_server_method 30854->30857 30855->30845 30857->30845 30858->30841 30860 7ffb0be47827 30859->30860 30879 7ffb0be46178 PyErr_SetString SSL_CTX_get_verify_callback SSL_CTX_set_verify 30860->30879 30862 7ffb0be47836 30863 7ffb0be4785b SSL_CTX_set_options 30862->30863 30864 7ffb0be4783b 30862->30864 30865 7ffb0be47883 30863->30865 30866 7ffb0be4788a SSL_CTX_set_cipher_list 30863->30866 30864->30841 30867 
7ffb0be47845 _Py_Dealloc 30864->30867 30865->30866 30868 7ffb0be478c0 30866->30868 30869 7ffb0be47894 30866->30869 30867->30841 30872 7ffb0be478cf SSL_CTX_ctrl 30868->30872 30875 7ffb0be4791f 6 API calls 30868->30875 30870 7ffb0be478a3 ERR_clear_error PyErr_SetString 30869->30870 30871 7ffb0be4789a _Py_Dealloc 30869->30871 30873 7ffb0be47905 30870->30873 30871->30870 30874 7ffb0be478eb PyErr_Format 30872->30874 30872->30875 30876 7ffb0be4790b _Py_Dealloc 30873->30876 30877 7ffb0be47914 ERR_clear_error 30873->30877 30874->30873 30875->30841 30876->30877 30877->30841 30878->30841 30879->30862 30880 7ffb1e0f2680 30882 7ffb1e0f26a4 30880->30882 30881 7ffb1e0f27f1 30890 7ffb1e0f2776 30881->30890 30891 7ffb1e0f281e 30881->30891 30882->30881 30883 7ffb1e0f270a 30882->30883 30884 7ffb1e0f73e6 PyTuple_GetItem 30882->30884 30950 7ffb1e0f28b0 14 API calls 30883->30950 30885 7ffb1e0f746b 30884->30885 30899 7ffb1e0f73fe PyErr_SetString 30884->30899 30952 7ffb1e0f3d98 PyType_IsSubtype 30885->30952 30889 7ffb1e0f2741 30889->30881 30889->30890 30893 7ffb1e0f7464 30889->30893 30900 7ffb1e0f276d 30889->30900 30915 7ffb1e0f2940 30890->30915 30896 7ffb1e0f7430 PyErr_Format 30891->30896 30897 7ffb1e0f7500 _Py_Dealloc 30891->30897 30894 7ffb1e0f747a 30898 7ffb1e0f747e PyErr_SetString 30894->30898 30894->30899 30895 7ffb1e0f27a8 30901 7ffb1e0f27b9 30895->30901 30904 7ffb1e0f751c PyObject_CallFunctionObjArgs 30895->30904 30896->30893 30897->30896 30898->30899 30899->30893 30900->30890 30903 7ffb1e0f74eb 30900->30903 30951 7ffb1e0f2854 8 API calls 30901->30951 30903->30896 30909 7ffb1e0f7420 _Py_Dealloc 30903->30909 30907 7ffb1e0f753f 30904->30907 30908 7ffb1e0f755d 30904->30908 30906 7ffb1e0f27d9 30907->30908 30910 7ffb1e0f7544 30907->30910 30911 7ffb1e0f7563 _Py_Dealloc 30908->30911 30912 7ffb1e0f756c 30908->30912 30909->30896 30910->30901 30913 7ffb1e0f754e _Py_Dealloc 30910->30913 30911->30912 30912->30906 30914 7ffb1e0f7572 _Py_Dealloc 30912->30914 30913->30901 30914->30906 30916 
7ffb1e0f793a 30915->30916 30917 7ffb1e0f29a2 30915->30917 30918 7ffb1e0f7942 PyErr_Format 30916->30918 30917->30918 30919 7ffb1e0f29af 30917->30919 30920 7ffb1e0f7966 30918->30920 30921 7ffb1e0f29d6 memset 30919->30921 30922 7ffb1e0f7989 _Py_Dealloc 30920->30922 30921->30920 30929 7ffb1e0f29fc 30921->30929 30925 7ffb1e0f7997 30922->30925 30923 7ffb1e0f2baa 30931 7ffb1e0f2bdb 30923->30931 30934 7ffb1e0f79d6 30923->30934 30935 7ffb1e0f2bc0 30923->30935 30924 7ffb1e0f2c38 30980 7ffb1e0f2c50 13 API calls 30924->30980 30981 7ffb1e0fd4c0 18 API calls 30925->30981 30926 7ffb1e0f2a93 30926->30923 30947 7ffb1e0f7a0d PyErr_NoMemory 30926->30947 30948 7ffb1e0f2b44 30926->30948 30927 7ffb1e0f2a37 PyObject_CallOneArg 30927->30925 30927->30929 30929->30920 30929->30922 30929->30924 30929->30925 30929->30926 30929->30927 30977 7ffb1e0f2c50 13 API calls 30929->30977 30941 7ffb1e0f2c06 30931->30941 30946 7ffb1e0f2bf6 _Py_Dealloc 30931->30946 30933 7ffb1e0f79b3 30933->30895 30936 7ffb1e0f79ff PyLong_FromLong 30934->30936 30937 7ffb1e0f79dd 30934->30937 30938 7ffb1e0f2bc9 30935->30938 30939 7ffb1e0f79ea 30935->30939 30936->30931 30982 7ffb1e0fd0c8 21 API calls 30937->30982 30978 7ffb1e0f25c0 13 API calls 30938->30978 30939->30936 30943 7ffb1e0f79f1 PyErr_SetFromWindowsErr 30939->30943 30979 7ffb1e0f5940 8 API calls 2 library calls 30941->30979 30943->30931 30945 7ffb1e0f2c15 30945->30895 30946->30931 30947->30933 30948->30923 30953 7ffb1e0f3bf0 30948->30953 30950->30889 30951->30906 30952->30894 30954 7ffb1e0f3c3f ffi_prep_cif 30953->30954 30976 7ffb1e0f3d03 30953->30976 30955 7ffb1e0f3c62 30954->30955 30954->30976 30957 7ffb1e0f3c7a 30955->30957 30958 7ffb1e0f3d41 PyEval_SaveThread 30955->30958 30955->30976 30956 7ffb1e0f8771 PyErr_SetString 30956->30976 30960 7ffb1e0f87ab _errno _errno 30957->30960 30961 7ffb1e0f87d6 GetLastError SetLastError 30957->30961 30962 7ffb1e0f3ca4 ffi_call 30957->30962 30958->30957 30960->30961 30964 7ffb1e0f8801 GetLastError SetLastError 30961->30964 
30963 7ffb1e0f3ce9 30962->30963 30963->30964 30965 7ffb1e0f881b _errno _errno 30963->30965 30966 7ffb1e0f3d4f PyEval_RestoreThread 30963->30966 30963->30976 30964->30965 30965->30976 30966->30976 30967 7ffb1e0f3d15 30970 7ffb1e0f3d19 PyErr_Occurred 30967->30970 30971 7ffb1e0f3d24 30967->30971 30968 7ffb1e0f884e PySys_Audit 30968->30976 30969 7ffb1e0f883f _Py_Dealloc 30969->30976 30970->30971 30971->30923 30972 7ffb1e0f8906 30973 7ffb1e0f877c PyErr_SetFromWindowsErr 30973->30976 30974 7ffb1e0f88e2 PyErr_Format 30974->30976 30975 7ffb1e0f88d0 PyErr_Format 30975->30976 30976->30956 30976->30960 30976->30967 30976->30968 30976->30969 30976->30972 30976->30973 30976->30974 30976->30975 30983 7ffb1e0fd618 12 API calls 30976->30983 30977->30929 30978->30931 30979->30945 30980->30931 30981->30933 30982->30931 30983->30976 30984 7ff60a4e10f6 30987 7ff60a4e1154 30984->30987 30988 7ff60a4e118b 30987->30988 30989 7ff60a4e11f1 _amsg_exit 30988->30989 30990 7ff60a4e11fd 30988->30990 30991 7ff60a4e1232 30989->30991 30990->30991 30992 7ff60a4e120a _initterm 30990->30992 30993 7ff60a4e124a _initterm 30991->30993 30994 7ff60a4e1270 30991->30994 30992->30991 30993->30994 31003 7ff60a4e147c 30994->31003 30996 7ff60a4e1309 31008 7ff60a4ed990 30996->31008 30999 7ff60a4e1350 exit 31000 7ff60a4e135d 30999->31000 31001 7ff60a4e1117 31000->31001 31002 7ff60a4e1367 _cexit 31000->31002 31002->31001 31004 7ff60a4e14a2 31003->31004 31005 7ff60a4e1558 31004->31005 31006 7ff60a4e14bd 31004->31006 31005->30996 31007 7ff60a4e14dc malloc memcpy 31006->31007 31007->31004 31011 7ff60a4ed9b6 31008->31011 31009 7ff60a4eda38 memset 31010 7ff60a4eda5f 31009->31010 31014 7ff60a4e16d0 31010->31014 31011->31009 31082 7ff60a4e8fe0 31014->31082 31016 7ff60a4e16f3 31090 7ff60a4e21d0 calloc 31016->31090 31020 7ff60a4e22c0 44 API calls 31071 7ff60a4e3d85 31020->31071 31021 7ff60a4e3cfa 31021->31071 31105 7ff60a4e7e30 31021->31105 31023 7ff60a4e9090 10 API calls 31023->31071 31024 7ff60a4e3d2c 31026 7ff60a4e3e00 

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429044585.00007FFB1C2E1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB1C2E0000, based on PE: true
• Associated: 00000002.00000002.1429021882.00007FFB1C2E0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.1429124900.00007FFB1C2E8000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.1429193065.00007FFB1C2F0000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.1429217952.00007FFB1C2F2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c2e0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Module_$Constant$Object$ConditionMask$Err_$ExceptionInfoStringVerifyVersion$Capsule_Create2DictExitFormatFromLongLong_MallocMem_StartupUnsigned
                                                                                                                                                                                                                                        • String ID: 00:00:00:00:00:00$00:00:00:FF:FF:FF$AF_APPLETALK$AF_BLUETOOTH$AF_DECnet$AF_INET$AF_INET6$AF_IPX$AF_IRDA$AF_LINK$AF_SNA$AF_UNSPEC$AI_ADDRCONFIG$AI_ALL$AI_CANONNAME$AI_NUMERICHOST$AI_NUMERICSERV$AI_PASSIVE$AI_V4MAPPED$BDADDR_ANY$BDADDR_LOCAL$BTPROTO_RFCOMM$CAPI$EAI_AGAIN$EAI_BADFLAGS$EAI_FAIL$EAI_FAMILY$EAI_MEMORY$EAI_NODATA$EAI_NONAME$EAI_SERVICE$EAI_SOCKTYPE$INADDR_ALLHOSTS_GROUP$INADDR_ANY$INADDR_BROADCAST$INADDR_LOOPBACK$INADDR_MAX_LOCAL_GROUP$INADDR_NONE$INADDR_UNSPEC_GROUP$IPPORT_RESERVED$IPPORT_USERRESERVED$IPPROTO_AH$IPPROTO_CBT$IPPROTO_DSTOPTS$IPPROTO_EGP$IPPROTO_ESP$IPPROTO_FRAGMENT$IPPROTO_GGP$IPPROTO_HOPOPTS$IPPROTO_ICLFXBM$IPPROTO_ICMP$IPPROTO_ICMPV6$IPPROTO_IDP$IPPROTO_IGMP$IPPROTO_IGP$IPPROTO_IP$IPPROTO_IPV4$IPPROTO_IPV6$IPPROTO_L2TP$IPPROTO_MAX$IPPROTO_ND$IPPROTO_NONE$IPPROTO_PGM$IPPROTO_PIM$IPPROTO_PUP$IPPROTO_RAW$IPPROTO_RDP$IPPROTO_ROUTING$IPPROTO_SCTP$IPPROTO_ST$IPPROTO_TCP$IPPROTO_UDP$IPV6_CHECKSUM$IPV6_DONTFRAG$IPV6_HOPLIMIT$IPV6_HOPOPTS$IPV6_JOIN_GROUP$IPV6_LEAVE_GROUP$IPV6_MULTICAST_HOPS$IPV6_MULTICAST_IF$IPV6_MULTICAST_LOOP$IPV6_PKTINFO$IPV6_RECVRTHDR$IPV6_RECVTCLASS$IPV6_RTHDR$IPV6_TCLASS$IPV6_UNICAST_HOPS$IPV6_V6ONLY$IP_ADD_MEMBERSHIP$IP_DROP_MEMBERSHIP$IP_HDRINCL$IP_MULTICAST_IF$IP_MULTICAST_LOOP$IP_MULTICAST_TTL$IP_OPTIONS$IP_RECVDSTADDR$IP_RECVTOS$IP_TOS$IP_TTL$MSG_BCAST$MSG_CTRUNC$MSG_DONTROUTE$MSG_ERRQUEUE$MSG_MCAST$MSG_OOB$MSG_PEEK$MSG_TRUNC$MSG_WAITALL$NI_DGRAM$NI_MAXHOST$NI_MAXSERV$NI_NAMEREQD$NI_NOFQDN$NI_NUMERICHOST$NI_NUMERICSERV$RCVALL_MAX$RCVALL_OFF$RCVALL_ON$RCVALL_SOCKETLEVELONLY$SHUT_RD$SHUT_RDWR$SHUT_WR$SIO_KEEPALIVE_VALS$SIO_LOOPBACK_FAST_PATH$SIO_RCVALL$SOCK_DGRAM$SOCK_RAW$SOCK_RDM$SOCK_SEQPACKET$SOCK_STREAM$SOL_IP$SOL_SOCKET$SOL_TCP$SOL_UDP$SOMAXCONN$SO_ACCEPTCONN$SO_BROADCAST$SO_D
EBUG$SO_DONTROUTE$SO_ERROR$SO_EXCLUSIVEADDRUSE$SO_KEEPALIVE$SO_LINGER$SO_OOBINLINE$SO_RCVBUF$SO_RCVLOWAT$SO_RCVTIMEO$SO_REUSEADDR$SO_SNDBUF$SO_SNDLOWAT$SO_SNDTIMEO$SO_TYPE$SO_USELOOPBACK$SocketType$TCP_FASTOPEN$TCP_KEEPCNT$TCP_KEEPIDLE$TCP_KEEPINTVL$TCP_MAXSEG$TCP_NODELAY$WSAStartup failed: error code %d$WSAStartup failed: network not ready$WSAStartup failed: requested version not supported$_socket.CAPI$error$gaierror$has_ipv6$herror$socket$socket.gaierror$socket.herror$timeout
                                                                                                                                                                                                                                        • API String ID: 2280847565-1299366327
                                                                                                                                                                                                                                        • Opcode ID: de31a07a70c23239d4b04c80589f0f0a269b501d95a9cdd44f27bf4122d5a2ac
                                                                                                                                                                                                                                        • Instruction ID: af53d9c1f7c8a7c3cfe33afffec7cf2f3c38a56766e4722c1915562f06ae8a46
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: de31a07a70c23239d4b04c80589f0f0a269b501d95a9cdd44f27bf4122d5a2ac
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CAA2E2E4B18F0286EA14EF39EC586F42322BB4ABA5F645035CC4E26754DFBDD149D780

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
• Associated: 00000002.00000002.1424444971.00007FFB0BE40000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424482051.00007FFB0BE4D000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424502993.00007FFB0BE5E000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424521434.00007FFB0BE5F000.00000008.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424540000.00007FFB0BE64000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424594066.00007FFB0BE65000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Deadline_DeallocErr_Eval_O_ctrlThread$CheckInitL_do_handshakeL_get_rbioL_get_wbioObjectR_clear_errorR_peek_last_errorRestoreSaveSignalsStringWeakref_
                                                                                                                                                                                                                                        • String ID: Underlying socket connection gone$_ssl.c:975: The handshake operation timed out$_ssl.c:979: Underlying socket has been closed.$_ssl.c:983: Underlying socket too large for select().
                                                                                                                                                                                                                                        • API String ID: 3614085790-2917799974
                                                                                                                                                                                                                                        • Opcode ID: 3352435f0a8769b469e565048f6fa1e0ccb79cd6b6e58e0ae78dc0a73191d070
                                                                                                                                                                                                                                        • Instruction ID: 7ad6df1af3867888cb437a394c20295739cefe4348718898dcad74ba2721016e
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3352435f0a8769b469e565048f6fa1e0ccb79cd6b6e58e0ae78dc0a73191d070
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 36614EA5A08A428AEA699F31D8549792360FF89B94F14C931DD0FC7B74DF7CE8469300
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1422861017.00007FF60A4E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60A4E0000, based on PE: true
• Associated: 00000002.00000002.1422842947.00007FF60A4E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1422889358.00007FF60A4FA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1422909209.00007FF60A4FB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1422928788.00007FF60A505000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1422945780.00007FF60A507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1422945780.00007FF60A509000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1422986473.00007FF60A50A000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1423005059.00007FF60A50D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff60a4e0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: _initterm$_amsg_exit_cexitexit
                                                                                                                                                                                                                                        • String ID: 0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429044585.00007FFB1C2E1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB1C2E0000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c2e0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Eval_Thread$AuditErr_FormatRestoreSaveSys_bind
                                                                                                                                                                                                                                        • String ID: bind$socket.bind

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_$Warn$Dealloc$Eval_FormatModule_R_clear_errorStateStringThreadX509_X_ctrl$M_set_flagsM_set_hostflagsModuleRestoreS_client_methodS_methodS_server_methodSaveSv1_1_methodSv1_2_methodSv1_methodType_X_freeX_get0_paramX_newX_set_cipher_listX_set_optionsX_set_post_handshake_authX_set_session_id_context
                                                                                                                                                                                                                                        • String ID: @SECLEVEL=2:ECDH+AESGCM:ECDH+CHACHA20:ECDH+AES:DHE+AES:!aNULL:!eNULL:!aDSS:!SHA1:!AESCCM$Cannot find internal module state$Failed to set minimum protocol 0x%x$HIGH:!aNULL:!eNULL$No cipher can be selected.$Python$invalid or unsupported protocol version %i$ssl.PROTOCOL_TLS is deprecated$ssl.PROTOCOL_TLSv1 is deprecated$ssl.PROTOCOL_TLSv1_1 is deprecated$ssl.PROTOCOL_TLSv1_2 is deprecated

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: ReadyType_$Dict_String$DeallocItem$State_SwapThread$ErrorFatalFuncImport$AllocCapsule_DecodeFlagsImport_LocalModuleRun_Unicode_Value
                                                                                                                                                                                                                                        • String ID: Exception$Out of memory allocating thread state.$PyWinInterpreterState_Ensure$__builtins__$__name__$builtins$class error(Exception): def __init__(self, *args, **kw): nargs = len(args) if nargs > 0: self.winerror = args[0] else: self.winerror = None if nargs > 1: self.funcname = args[1] else: self.funcname = None if nargs > 2: self.strerror =$com_error$datetime.datetime_CAPI$error$ignore$pywintypes$pywintypes: can not setup interpreter state, as current state is invalid

                                                                                                                                                                                                                                        Control-flow Graph

Memory Dump Source
• Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
• Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Dict_String$Item$ReadyType_$State_SwapThread$Module_$ErrorFatalFunc$AllocConstantCreate2DeallocDecodeDictErr_LocalUnicode_Value
                                                                                                                                                                                                                                        • String ID: ACLType$Could not initialise the error objects$DEVMODEType$DEVMODEWType$FALSE$HANDLEType$IIDType$OVERLAPPEDType$SECURITY_ATTRIBUTESType$SECURITY_DESCRIPTORType$SIDType$TRUE$TimeType$WAVEFORMATEXType$WAVE_FORMAT_PCM$com_error$error
                                                                                                                                                                                                                                        • API String ID: 2302314715-313003814
                                                                                                                                                                                                                                        • Opcode ID: 6fa2832443a1fabe614409e100eee49140744ad42a5e042efdb4642730eeaa73
                                                                                                                                                                                                                                        • Instruction ID: 9affd37cf5df485b071a0da903462565da1a76214fbc4a31fe9f7e24f63157dd
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6fa2832443a1fabe614409e100eee49140744ad42a5e042efdb4642730eeaa73
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 179196E091CD0391E6949B38E85E1F82753AF81B75FB81631E87E821F09F7CE9698744

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                        • Not Executed
Memory Dump Source
• Source File: 00000002.00000002.1429044585.00007FFB1C2E1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB1C2E0000, based on PE: true
• Associated: 00000002.00000002.1429021882.00007FFB1C2E0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.1429124900.00007FFB1C2E8000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.1429193065.00007FFB1C2F0000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.1429217952.00007FFB1C2F2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c2e0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Dealloc$Err_String$Eval_List_SizeThreadUnicode_freeaddrinfo$AppendArg_AuditBuildEncodedKeywords_LongLong_OccurredParseRestoreS_snprintfSaveSys_TupleValue_getaddrinfo
                                                                                                                                                                                                                                        • String ID: %ld$Int or String expected$OOiii$OO|iiii:getaddrinfo$getaddrinfo() argument 1 must be string or None$idna$iiisO$socket.getaddrinfo
                                                                                                                                                                                                                                        • API String ID: 3700949282-3943835681
                                                                                                                                                                                                                                        • Opcode ID: f0e2449cbf7a928651d4ac5da63ff59d93656ef2ce9940bd431a1fda4c72ea40
                                                                                                                                                                                                                                        • Instruction ID: 78a8b992991cc4beb7f77f8830c1a2ee46943320405dda5c5972ab31e7e6b36c
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f0e2449cbf7a928651d4ac5da63ff59d93656ef2ce9940bd431a1fda4c72ea40
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 05B1E9F2B08E1687EB24EFB5D4585FC23A2AB48BA8B244135DD4E67758DF7CE4458380

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                        • Not Executed
Memory Dump Source
• Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
• Associated: 00000002.00000002.1424444971.00007FFB0BE40000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424482051.00007FFB0BE4D000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424502993.00007FFB0BE5E000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424521434.00007FFB0BE5F000.00000008.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424540000.00007FFB0BE64000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424594066.00007FFB0BE65000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_$Buffer_DeallocExceptionMatchesUnicode_$BufferConverterEval_Object_ReleaseStringThread_errno$CheckContiguousErrnoFromR_clear_errorRestoreSaveX_load_verify_locations
                                                                                                                                                                                                                                        • String ID: cadata should be a contiguous buffer with a single dimension$cadata should be an ASCII string or a bytes-like object$cafile should be a valid filesystem path$cafile, capath and cadata cannot be all omitted$capath should be a valid filesystem path
                                                                                                                                                                                                                                        • API String ID: 3554890122-3904065072
                                                                                                                                                                                                                                        • Opcode ID: 9b3b78bc30023d89b7b2698915db2b05eaedea6405f0ede217f8e3eaae57c9d4
                                                                                                                                                                                                                                        • Instruction ID: 8ba00d180029830d5d6b024a423a4defb3b6d7afdc3dd6b15c361b1e8713bb07
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9b3b78bc30023d89b7b2698915db2b05eaedea6405f0ede217f8e3eaae57c9d4
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 91810AA5B08A4285FB5C9B76EC54A7923A1BF44B98F54C831CD0FC7AB4DF6CE8498304

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                        • Not Executed
Memory Dump Source
• Source File: 00000002.00000002.1431293834.00007FFB1E0F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB1E0F0000, based on PE: true
• Associated: 00000002.00000002.1431145957.00007FFB1E0F0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.1431423223.00007FFB1E100000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.1431562283.00007FFB1E107000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.1431628414.00007FFB1E10B000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.1431628414.00007FFB1E10D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1e0f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_$_errno$Eval_FromOccurredSaveStringThreadWindowsffi_callffi_prep_cif
                                                                                                                                                                                                                                        • String ID: No ffi_type for result$ctypes.seh_exception$exception: access violation reading %p$exception: access violation writing %p$exception: breakpoint encountered$exception: datatype misalignment$exception: single step$ffi_prep_cif failed
                                                                                                                                                                                                                                        • API String ID: 1937973484-2749438402
                                                                                                                                                                                                                                        • Opcode ID: 0ba4f0e5fee18898173a45f78b32c77227d0e6cda40fc1b59d7b7052ba7998e2
                                                                                                                                                                                                                                        • Instruction ID: 1bd3fe39a385fcd290e0faf79aeaa783b9dca970453e1285904499e163a2d2ea
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0ba4f0e5fee18898173a45f78b32c77227d0e6cda40fc1b59d7b7052ba7998e2
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A8815DB2A08E5282F7608F30E84AAB97766FB44BA4F144435D94E0B2A4DF3CF965C710

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429044585.00007FFB1C2E1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB1C2E0000, based on PE: true
• Associated: 00000002.00000002.1429021882.00007FFB1C2E0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.1429124900.00007FFB1C2E8000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.1429193065.00007FFB1C2F0000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.1429217952.00007FFB1C2F2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c2e0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_Eval_Thread$AuditLongRestoreSaveSocketSys_closesocket$ErrorFormatFromHandleInformationLastLong_OccurredStringWindowsgetsocknamegetsockoptmemsetsocket
                                                                                                                                                                                                                                        • String ID: Oiii$negative file descriptor$socket descriptor string has wrong size, should be %zu bytes.$socket.__new__
                                                                                                                                                                                                                                        • API String ID: 2694513709-2881308447
                                                                                                                                                                                                                                        • Opcode ID: 69a2b3a033ee6e6bc64c67bc07a6c1814e5cb11858f1c692dbb8da34602e7667
                                                                                                                                                                                                                                        • Instruction ID: 09f1a86b64f95e14a2adb3071d3873afa2c1ca60d396f2d8eb9bc2645f3bf925
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 69a2b3a033ee6e6bc64c67bc07a6c1814e5cb11858f1c692dbb8da34602e7667
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 25C172E1A18F8583E620AB38D5482F87362FB55BB4F205335DA5D237A1EF7CE5858780

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
• Associated: 00000002.00000002.1424444971.00007FFB0BE40000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424482051.00007FFB0BE4D000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424502993.00007FFB0BE5E000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424521434.00007FFB0BE5F000.00000008.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424540000.00007FFB0BE64000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424594066.00007FFB0BE65000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Dict_$Module_$FromItemObject$DeallocStringUnicode_$BuildLongLong_SizeStateValue_
                                                                                                                                                                                                                                        • String ID: err_codes_to_names$err_names_to_codes$lib_codes_to_names
                                                                                                                                                                                                                                        • API String ID: 3638348250-3898622116
                                                                                                                                                                                                                                        • Opcode ID: 11f1fb55f53d4a3a2fb4cbdae04ecf3c31a4c0fb9d867dd1ba9490b890e90560
                                                                                                                                                                                                                                        • Instruction ID: 6376f08f50fcfeb8be03837e4bfdd22ed2de0608c215ce69c35beed6637781b2
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 11f1fb55f53d4a3a2fb4cbdae04ecf3c31a4c0fb9d867dd1ba9490b890e90560
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 055105A1A0DB5381EA188F76E944A7927A0BF49B85F04C835CA4FD3B74EF3CE9458341

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1422861017.00007FF60A4E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60A4E0000, based on PE: true
• Associated: 00000002.00000002.1422842947.00007FF60A4E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1422889358.00007FF60A4FA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1422909209.00007FF60A4FB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1422928788.00007FF60A505000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1422945780.00007FF60A507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1422945780.00007FF60A509000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1422986473.00007FF60A50A000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1423005059.00007FF60A50D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff60a4e0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: free
                                                                                                                                                                                                                                        • String ID: %s%c%s.py$Absolute path to script exceeds PATH_MAX$Could not get __main__ module's dict.$Could not get __main__ module.$Failed to unmarshal code object for %s$Traceback is disabled via bootloader option.$\$__file__$__main__$_pyi_main_co$format_exception$pyi-disable-windowed-traceback$traceback
                                                                                                                                                                                                                                        • API String ID: 1294909896-4198433784
                                                                                                                                                                                                                                        • Opcode ID: 93dfcaad4b1aa76d55e3d492ed916db7435eb578cd35070265ab476f8af9a6fe
                                                                                                                                                                                                                                        • Instruction ID: 569d1690604d4c8eb5702946ef41ee472d8f632b27912f69805b0f06709c6a35
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 93dfcaad4b1aa76d55e3d492ed916db7435eb578cd35070265ab476f8af9a6fe
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4DB13A2AB09E4685EA06DF16E85457923A0FF86FC4FA441B6ED1E877B1EE7CE405C300

                                                                                                                                                                                                                                        Control-flow Graph

Strings
Memory Dump Source
• Source File: 00000002.00000002.1431293834.00007FFB1E0F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB1E0F0000, based on PE: true
• Associated: 00000002.00000002.1431145957.00007FFB1E0F0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.1431423223.00007FFB1E100000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.1431562283.00007FFB1E107000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.1431628414.00007FFB1E10B000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.1431628414.00007FFB1E10D000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffb1e0f0000_discord.jbxd
Similarity
• API ID:
• String ID: COM method call without VTable$Expected a COM this pointer as first argument$NULL COM pointer access$native com method call without 'this' parameter$this function takes %d argument%s (%d given)$this function takes at least %d argument%s (%d given)
• API String ID: 0-1981512665
• Opcode ID: c373b80f0b1134d3a3520d1c5bdcc649e0ca655440ecdbbfba81ba0b3da60dd0
• Instruction ID: 8b099a72262d358c34e101f1c772ceb48490c7cafbbd36f9486f5fe04f32658f
• Opcode Fuzzy Hash: c373b80f0b1134d3a3520d1c5bdcc649e0ca655440ecdbbfba81ba0b3da60dd0
• Instruction Fuzzy Hash: E49138B2A09F4282EA65CB31E44AA7967A2FB85FA4F484431DE4D4BB54DF3CF464C700

                                                                                                                                                                                                                                        Control-flow Graph

APIs
Memory Dump Source
• Source File: 00000002.00000002.1422861017.00007FF60A4E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60A4E0000, based on PE: true
• Associated: 00000002.00000002.1422842947.00007FF60A4E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1422889358.00007FF60A4FA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1422909209.00007FF60A4FB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1422928788.00007FF60A505000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1422945780.00007FF60A507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1422945780.00007FF60A509000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1422986473.00007FF60A50A000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1423005059.00007FF60A50D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff60a4e0000_discord.jbxd
Similarity
• API ID: wcstombs$setlocale$free$mbstowcsrealloc$_strdup
• String ID:
• API String ID: 918573998-0
• Opcode ID: bc37caea81c3f1b4857c0da5a89418885bf617b27b1e748d0f14d2c635658186
• Instruction ID: d395426dfccf1a992390d9f367a9e1daf53ce1a45d92bf881f42eeabf5a2b690
• Opcode Fuzzy Hash: bc37caea81c3f1b4857c0da5a89418885bf617b27b1e748d0f14d2c635658186
• Instruction Fuzzy Hash: 27F1C46BB04A1688EB50DBAAD4412BC37B1BB48BD8F904476DE4CA77A9EF38D455C310

                                                                                                                                                                                                                                        Control-flow Graph

APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.1422861017.00007FF60A4E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60A4E0000, based on PE: true
• Associated: 00000002.00000002.1422842947.00007FF60A4E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1422889358.00007FF60A4FA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1422909209.00007FF60A4FB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1422928788.00007FF60A505000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1422945780.00007FF60A507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1422945780.00007FF60A509000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1422986473.00007FF60A50A000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1423005059.00007FF60A50D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff60a4e0000_discord.jbxd
Similarity
• API ID: malloc$ferrorfree$freadfwrite
• String ID: 1.2.13$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
• API String ID: 1635854594-1655038675
• Opcode ID: 22390303672ce74b292f316d6f752cd37e13e327d430568f65e89fb6ed1d6532
• Instruction ID: f0579c2b5393e89033ba65c718d7c00fa12e5e57dd6912c22ea0907ef9bfd6a7
• Opcode Fuzzy Hash: 22390303672ce74b292f316d6f752cd37e13e327d430568f65e89fb6ed1d6532
• Instruction Fuzzy Hash: 6E91012BB4C69241E620CF1AE8403BA6290FB65BD4F248675DE9D83BC5EF7CE485D700

                                                                                                                                                                                                                                        Control-flow Graph

APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.1429044585.00007FFB1C2E1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB1C2E0000, based on PE: true
• Associated: 00000002.00000002.1429021882.00007FFB1C2E0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.1429124900.00007FFB1C2E8000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.1429193065.00007FFB1C2F0000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.1429217952.00007FFB1C2F2000.00000002.00000001.01000000.00000010.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffb1c2e0000_discord.jbxd
Similarity
• API ID: Arg_Err_ParseSizeTuple_$Buffer_ClearReleasesetsockopt$Format
• String ID: iiO!I:setsockopt$iii:setsockopt$iiy*:setsockopt$socket option is larger than %i bytes
• API String ID: 418579395-1608436615
• Opcode ID: a4182235d411a15356609dcc6ccf93f7645984726471b5ba0863677d165f2325
• Instruction ID: a0c037f10cf404407e9f9a8f2e1e3f6c108ebaf5a3883cb959acb28371a56834
• Opcode Fuzzy Hash: a4182235d411a15356609dcc6ccf93f7645984726471b5ba0863677d165f2325
• Instruction Fuzzy Hash: 7F41FEF6608E86D2DB209F65E8486E97372FB88BA4F600231DA9D53754DF7CD548C780
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1422861017.00007FF60A4E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60A4E0000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff60a4e0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: free$DirectoryEnvironmentVariablecalloc$ByteCharFileModuleMultiNameWidestrcmpstrcpy
                                                                                                                                                                                                                                        • String ID: Cannot open PyInstaller archive from executable (%s) or external archive (%s)$Cannot side-load external archive %s (code %d)!$Failed to convert DLL search path!$_MEIPASS2$_PYI_ONEDIR_MODE
                                                                                                                                                                                                                                        • API String ID: 2187479179-3096095006
                                                                                                                                                                                                                                        • Opcode ID: 77efaa2d4623c45b5b74c92c9212e285a0ec3a2d66ca2dbf9d5886927e4342f2
                                                                                                                                                                                                                                        • Instruction ID: 793c10a890f09ede0e21596dd3313359af58d52de6def158b8308612b0c86b35
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 77efaa2d4623c45b5b74c92c9212e285a0ec3a2d66ca2dbf9d5886927e4342f2
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 04E1B02BA0C64280FA55EF22E8142BA6754AF85BC0F6401B5EE4ECB7D6EF3CF5008740
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1422861017.00007FF60A4E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60A4E0000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff60a4e0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: freadmalloc$_wfopenfclosefree
                                                                                                                                                                                                                                        • String ID: Could not allocate buffer for TOC!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$fread$fseek$malloc
                                                                                                                                                                                                                                        • API String ID: 2617120823-2084260460
                                                                                                                                                                                                                                        • Opcode ID: d1c95159622f53600a6b842e877eadccf9e41d3ab860a7708e865834f5b35d9c
                                                                                                                                                                                                                                        • Instruction ID: da933b99d12b47815ebb8e605324b531c46183f249791ab6e350bac5f8394190
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d1c95159622f53600a6b842e877eadccf9e41d3ab860a7708e865834f5b35d9c
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5351A077B0960286EB14DB28D8402B863A1EF88BD4F75927AD90D837D5EF7CE902C744
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1422861017.00007FF60A4E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60A4E0000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff60a4e0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: _wfopenfclosefreadfreemalloc
                                                                                                                                                                                                                                        • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$_MEIPASS2$fread$fseek$malloc
                                                                                                                                                                                                                                        • API String ID: 3354994319-975985129
                                                                                                                                                                                                                                        • Opcode ID: d46519c14c6ac2f49e9d7e5e2144b9f8adaab573c06dd052fbe33cff438c47bc
                                                                                                                                                                                                                                        • Instruction ID: 3d58ac41096ff9a91f3bb61c8c0dff8cce8c2b737374f2ac0050cfebaf6fe0f2
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d46519c14c6ac2f49e9d7e5e2144b9f8adaab573c06dd052fbe33cff438c47bc
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7B31DE1BB8861798FE04D715D804ABA2200AF25BC8FA451B6DC0DC7686FE3CE446C300
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1422861017.00007FF60A4E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60A4E0000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff60a4e0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: callocfflush$strcmpstrncmp
                                                                                                                                                                                                                                        • String ID: Failed to allocate PyConfig structure! Unsupported python version?$Failed to parse run-time options!$Failed to pre-initialize embedded python interpreter!$Failed to set module search paths!$Failed to set program name!$Failed to set python home path!$Failed to set run-time options!$Failed to set sys.argv!$Failed to start embedded python interpreter!
                                                                                                                                                                                                                                        • API String ID: 2710203250-3807717293
                                                                                                                                                                                                                                        • Opcode ID: 20069458dbc6cbfea570bcd6b724cb1ff9c6197de144f72581953467c1bf7855
                                                                                                                                                                                                                                        • Instruction ID: 9a2a5f3f65520d24608b5ef78bdfdc224f4da417b04e08476d59f1f6e6cb70a6
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 20069458dbc6cbfea570bcd6b724cb1ff9c6197de144f72581953467c1bf7855
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 47516C1BB4CA5781FA51EB29F8510B99358BF90BD4F7415B5EE4EC22E6FE2CE9058300
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1431293834.00007FFB1E0F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB1E0F0000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1e0f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: CallDeallocErr_FormatObject_memset
                                                                                                                                                                                                                                        • String ID: argument %zd: $too many arguments (%zi), maximum is %i
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Arg_ModuleModule_StateType_$CheckErr_KeywordsLong_OccurredPositional
                                                                                                                                                                                                                                        • String ID: _SSLContext
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429044585.00007FFB1C2E1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB1C2E0000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: ErrorLast$CheckErr_Eval_SignalsThread$RestoreSaveconnect
                                                                                                                                                                                                                                        • String ID: 3'
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1422861017.00007FF60A4E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60A4E0000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: freestrlen
                                                                                                                                                                                                                                        • String ID: Failed to get _MEIPASS as PyObject.$Module object for %s is NULL!$_MEIPASS$_MEIPASS2$strict$utf-8
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429044585.00007FFB1C2E1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB1C2E0000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_Long_Occurred$Arg_KeywordsUnpack
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429044585.00007FFB1C2E1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB1C2E0000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Eval_Thread$Restore$Err_ErrorFromLastSaveWindowsioctlsocket
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429044585.00007FFB1C2E1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB1C2E0000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Eval_Thread$RestoreSave_errnoclosesocket
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 1624953543-0
                                                                                                                                                                                                                                        • Opcode ID: 1179f49cef2614599ac27385311664bb38b10ace598ec30c3f873f2a9e03a6a8
                                                                                                                                                                                                                                        • Instruction ID: 945bfa5eced6ded42266c604ba85bf877ff3ed79d0352d53edff94d1e45fcfb1
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1179f49cef2614599ac27385311664bb38b10ace598ec30c3f873f2a9e03a6a8
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 75F012A5A18F9187E614AB79F8480B973A1FB44BB5B250730DABA277E4CF7CD445C340
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C2E3588: PyErr_Format.PYTHON311 ref: 00007FFB1C2E37DF
                                                                                                                                                                                                                                        • PySys_Audit.PYTHON311 ref: 00007FFB1C2E492C
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C2E3A8C: PyEval_SaveThread.PYTHON311 ref: 00007FFB1C2E3AAA
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C2E3A8C: connect.WS2_32 ref: 00007FFB1C2E3ABD
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C2E3A8C: PyEval_RestoreThread.PYTHON311 ref: 00007FFB1C2E3AC8
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C2E3A8C: WSAGetLastError.WS2_32 ref: 00007FFB1C2E3AD6
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C2E3A8C: WSAGetLastError.WS2_32 ref: 00007FFB1C2E3AE2
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C2E3A8C: PyErr_CheckSignals.PYTHON311 ref: 00007FFB1C2E3AEF
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C2E3A8C: WSASetLastError.WS2_32 ref: 00007FFB1C2E3B2C
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c2e0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: ErrorLast$Err_Eval_Thread$AuditCheckFormatRestoreSaveSignalsSys_connect
                                                                                                                                                                                                                                        • String ID: connect$socket.connect
                                                                                                                                                                                                                                        • API String ID: 2206401578-326844852
                                                                                                                                                                                                                                        • Opcode ID: 08dea9c7b47cbf83febe4142e36ed0337974ddfefe98abedf1de9112f6a196c8
                                                                                                                                                                                                                                        • Instruction ID: 8ccf042d4499e891fd84ea9e5c512693b5b080f35fd2c3ac17eedca3985cf044
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 08dea9c7b47cbf83febe4142e36ed0337974ddfefe98abedf1de9112f6a196c8
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 421130E1708E8282EA20AB71F8547F66361FB44B94F640036DA9D67759DF3DE144C780
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1422861017.00007FF60A4E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60A4E0000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1422842947.00007FF60A4E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1422889358.00007FF60A4FA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1422909209.00007FF60A4FB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1422928788.00007FF60A505000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1422945780.00007FF60A507000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1422945780.00007FF60A509000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1422986473.00007FF60A50A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1423005059.00007FF60A50D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff60a4e0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: freemalloc
                                                                                                                                                                                                                                        • String ID: _MEIPASS2
                                                                                                                                                                                                                                        • API String ID: 3061335427-3944641314
                                                                                                                                                                                                                                        • Opcode ID: 3e4fb6884e2bb49f6a40b196d607ae5dd92198094feec2f6e49b1c97b51178f1
                                                                                                                                                                                                                                        • Instruction ID: 32529d14d003f420574507e96a7693ead9008222d07bb4091e306aba9cfe4348
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3e4fb6884e2bb49f6a40b196d607ae5dd92198094feec2f6e49b1c97b51178f1
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6721D617B5A15281FE15DB22DD047FAA6456F86BC4FA804B5DE0D8B782FE3DE542C300
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff60a4e0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: calloc
                                                                                                                                                                                                                                        • String ID: Cannot allocate memory for SPLASH_STATUS.$calloc
                                                                                                                                                                                                                                        • API String ID: 2635317215-799113134
                                                                                                                                                                                                                                        • Opcode ID: f2af3c9f5e49862c4fdb12449ad5d52b59e493735a903b8862745a60d1d68c81
                                                                                                                                                                                                                                        • Instruction ID: fdeb99a512dfcdd418a9583d5d93ab0ba593fe116d11991d77e5ccbb77313096
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f2af3c9f5e49862c4fdb12449ad5d52b59e493735a903b8862745a60d1d68c81
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9CE0EC6EE4860690EE54D710E4911B923509F843D4FA410B8DA0C867A5EE6CE505CB80
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff60a4e0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: strcpy
                                                                                                                                                                                                                                        • String ID: pyi-contents-directory
                                                                                                                                                                                                                                        • API String ID: 3177657795-2617349511
                                                                                                                                                                                                                                        • Opcode ID: 5bf9b9d7ed3ee3d6fd6229c4798420956e625b75858e8fae20c676d5f28f119e
                                                                                                                                                                                                                                        • Instruction ID: 734f8dd0c101d0ecf11f74c5f922e73383c348498141aa10c468c9d4383b2481
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5bf9b9d7ed3ee3d6fd6229c4798420956e625b75858e8fae20c676d5f28f119e
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F631C36BB4868284FE20DA75E9083F91345AF44BC4F684172DD0DCB78AEEBCE546C710
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1422861017.00007FF60A4E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60A4E0000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff60a4e0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: fsetpos
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 850078086-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                          • Part of subcall function 00007FF60A4E9090: MultiByteToWideChar.KERNEL32(00007FF60A4E2E07,WideCharToMultiByte,?,Failed to get UTF-8 buffer size.,?,?,00007FF60A4E2FD0), ref: 00007FF60A4E90C6
                                                                                                                                                                                                                                        • LoadLibraryExW.KERNEL32 ref: 00007FF60A4E87E1
                                                                                                                                                                                                                                        • free.MSVCRT ref: 00007FF60A4E87ED
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1422861017.00007FF60A4E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60A4E0000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff60a4e0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: ByteCharLibraryLoadMultiWidefree
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 3231889924-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1422861017.00007FF60A4E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60A4E0000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff60a4e0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: freememsetwcslen
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 2332356550-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Arg_KeywordsUnpack
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 1409375599-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                          • Part of subcall function 00007FF60A4E9090: MultiByteToWideChar.KERNEL32(00007FF60A4E2E07,WideCharToMultiByte,?,Failed to get UTF-8 buffer size.,?,?,00007FF60A4E2FD0), ref: 00007FF60A4E90C6
                                                                                                                                                                                                                                        • _wfopen.MSVCRT ref: 00007FF60A4E4695
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1422861017.00007FF60A4E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60A4E0000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff60a4e0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: ByteCharMultiWide_wfopen
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 372205238-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1422861017.00007FF60A4E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60A4E0000, based on PE: true
• Associated: 00000002.00000002.1422842947.00007FF60A4E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1422889358.00007FF60A4FA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1422909209.00007FF60A4FB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1422928788.00007FF60A505000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1422945780.00007FF60A507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1422945780.00007FF60A509000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1422986473.00007FF60A50A000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1423005059.00007FF60A50D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff60a4e0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: memset
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 2221118986-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1422861017.00007FF60A4E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60A4E0000, based on PE: true
• Associated: 00000002.00000002.1422842947.00007FF60A4E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1422889358.00007FF60A4FA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1422909209.00007FF60A4FB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1422928788.00007FF60A505000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1422945780.00007FF60A507000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1422945780.00007FF60A509000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1422986473.00007FF60A50A000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1423005059.00007FF60A50D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff60a4e0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: malloc
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 2803490479-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
• Associated: 00000002.00000002.1424444971.00007FFB0BE40000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424482051.00007FFB0BE4D000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424502993.00007FFB0BE5E000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424521434.00007FFB0BE5F000.00000008.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424540000.00007FFB0BE64000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424594066.00007FFB0BE65000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: DeallocDict_$FromItemLongLong_StringX_ctrl
                                                                                                                                                                                                                                        • String ID: accept$accept_good$accept_renegotiate$cache_full$connect$connect_good$connect_renegotiate$hits$misses$number$timeouts
                                                                                                                                                                                                                                        • API String ID: 3804526530-4076585280
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1428397998.00007FFB1BB11000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFB1BB10000, based on PE: true
• Associated: 00000002.00000002.1428322371.00007FFB1BB10000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.1428424791.00007FFB1BB17000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.1428449778.00007FFB1BB1C000.00000004.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.1428581969.00007FFB1BB1E000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bb10000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_LongLong_$Arg_Buffer_$ArgumentOccurredUnsigned$BufferContiguousE_scryptEval_Object_ReleaseStringThread$Bytes_FormatFromKeywordsRestoreSaveSizeUnpack
                                                                                                                                                                                                                                        • String ID: @$Invalid parameter combination for n, r, p, maxmem.$argument 'n'$argument 'p'$argument 'password'$argument 'r'$argument 'salt'$contiguous buffer$dklen must be greater than 0 and smaller than %d$int$maxmem must be positive and smaller than %d$n is required and must be an unsigned int$n must be a power of 2.$p is required and must be an unsigned int$password is too long.$r is required and must be an unsigned int$salt is required$salt is too long.$scrypt
                                                                                                                                                                                                                                        • API String ID: 756542180-2474027488
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • _PyObject_GC_New.PYTHON311(?,?,?,?,00007FFB0C376CC8,?,00000000,00007FFB0BE46FF1), ref: 00007FFB0BE4B66A
                                                                                                                                                                                                                                        • ERR_clear_error.LIBCRYPTO-1_1(?,?,?,?,00007FFB0C376CC8,?,00000000,00007FFB0BE46FF1), ref: 00007FFB0BE4B6AD
                                                                                                                                                                                                                                        • PyEval_SaveThread.PYTHON311(?,?,?,?,00007FFB0C376CC8,?,00000000,00007FFB0BE46FF1), ref: 00007FFB0BE4B6B3
                                                                                                                                                                                                                                        • SSL_new.LIBSSL-1_1(?,?,?,?,00007FFB0C376CC8,?,00000000,00007FFB0BE46FF1), ref: 00007FFB0BE4B6BF
                                                                                                                                                                                                                                        • PyEval_RestoreThread.PYTHON311(?,?,?,?,00007FFB0C376CC8,?,00000000,00007FFB0BE46FF1), ref: 00007FFB0BE4B6CC
                                                                                                                                                                                                                                        • _Py_Dealloc.PYTHON311(?,?,?,?,00007FFB0C376CC8,?,00000000,00007FFB0BE46FF1), ref: 00007FFB0BE4B6E4
                                                                                                                                                                                                                                        • SSL_get0_param.LIBSSL-1_1(?,?,?,?,00007FFB0C376CC8,?,00000000,00007FFB0BE46FF1), ref: 00007FFB0BE4B700
                                                                                                                                                                                                                                        • X509_VERIFY_PARAM_set_hostflags.LIBCRYPTO-1_1(?,?,?,?,00007FFB0C376CC8,?,00000000,00007FFB0BE46FF1), ref: 00007FFB0BE4B70C
                                                                                                                                                                                                                                        • SSL_set_ex_data.LIBSSL-1_1(?,?,?,?,00007FFB0C376CC8,?,00000000,00007FFB0BE46FF1), ref: 00007FFB0BE4B71B
                                                                                                                                                                                                                                        • SSL_set_fd.LIBSSL-1_1(?,?,?,?,00007FFB0C376CC8,?,00000000,00007FFB0BE46FF1), ref: 00007FFB0BE4B72E
                                                                                                                                                                                                                                        • BIO_up_ref.LIBCRYPTO-1_1(?,?,?,?,00007FFB0C376CC8,?,00000000,00007FFB0BE46FF1), ref: 00007FFB0BE4B742
                                                                                                                                                                                                                                        • BIO_up_ref.LIBCRYPTO-1_1(?,?,?,?,00007FFB0C376CC8,?,00000000,00007FFB0BE46FF1), ref: 00007FFB0BE4B754
                                                                                                                                                                                                                                        • SSL_set_bio.LIBSSL-1_1(?,?,?,?,00007FFB0C376CC8,?,00000000,00007FFB0BE46FF1), ref: 00007FFB0BE4B766
                                                                                                                                                                                                                                        • SSL_ctrl.LIBSSL-1_1(?,?,?,?,00007FFB0C376CC8,?,00000000,00007FFB0BE46FF1), ref: 00007FFB0BE4B77B
                                                                                                                                                                                                                                        • SSL_get_verify_mode.LIBSSL-1_1(?,?,?,?,00007FFB0C376CC8,?,00000000,00007FFB0BE46FF1), ref: 00007FFB0BE4B794
                                                                                                                                                                                                                                        • SSL_get_verify_callback.LIBSSL-1_1(?,?,?,?,00007FFB0C376CC8,?,00000000,00007FFB0BE46FF1), ref: 00007FFB0BE4B7A5
                                                                                                                                                                                                                                        • SSL_set_verify.LIBSSL-1_1(?,?,?,?,00007FFB0C376CC8,?,00000000,00007FFB0BE46FF1), ref: 00007FFB0BE4B7B7
                                                                                                                                                                                                                                        • SSL_set_post_handshake_auth.LIBSSL-1_1(?,?,?,?,00007FFB0C376CC8,?,00000000,00007FFB0BE46FF1), ref: 00007FFB0BE4B7C1
                                                                                                                                                                                                                                        • SSL_get_rbio.LIBSSL-1_1(?,?,?,?,00007FFB0C376CC8,?,00000000,00007FFB0BE46FF1), ref: 00007FFB0BE4B7EF
                                                                                                                                                                                                                                        • BIO_ctrl.LIBCRYPTO-1_1(?,?,?,?,00007FFB0C376CC8,?,00000000,00007FFB0BE46FF1), ref: 00007FFB0BE4B804
                                                                                                                                                                                                                                        • SSL_get_wbio.LIBSSL-1_1(?,?,?,?,00007FFB0C376CC8,?,00000000,00007FFB0BE46FF1), ref: 00007FFB0BE4B80E
                                                                                                                                                                                                                                        • BIO_ctrl.LIBCRYPTO-1_1(?,?,?,?,00007FFB0C376CC8,?,00000000,00007FFB0BE46FF1), ref: 00007FFB0BE4B81F
                                                                                                                                                                                                                                        • PyEval_SaveThread.PYTHON311(?,?,?,?,00007FFB0C376CC8,?,00000000,00007FFB0BE46FF1), ref: 00007FFB0BE4B825
                                                                                                                                                                                                                                        • SSL_set_connect_state.LIBSSL-1_1(?,?,?,?,00007FFB0C376CC8,?,00000000,00007FFB0BE46FF1), ref: 00007FFB0BE4B837
                                                                                                                                                                                                                                        • SSL_set_accept_state.LIBSSL-1_1(?,?,?,?,00007FFB0C376CC8,?,00000000,00007FFB0BE46FF1), ref: 00007FFB0BE4B83F
                                                                                                                                                                                                                                        • PyEval_RestoreThread.PYTHON311(?,?,?,?,00007FFB0C376CC8,?,00000000,00007FFB0BE46FF1), ref: 00007FFB0BE4B848
                                                                                                                                                                                                                                        • PyWeakref_NewRef.PYTHON311(?,?,?,?,00007FFB0C376CC8,?,00000000,00007FFB0BE46FF1), ref: 00007FFB0BE4B85C
                                                                                                                                                                                                                                        • _Py_Dealloc.PYTHON311(?,?,?,?,00007FFB0C376CC8,?,00000000,00007FFB0BE46FF1), ref: 00007FFB0BE4B8A0
                                                                                                                                                                                                                                        • PyObject_GC_Track.PYTHON311(?,?,?,?,00007FFB0C376CC8,?,00000000,00007FFB0BE46FF1), ref: 00007FFB0BE4B8D7
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        • Cannot create a client socket with a PROTOCOL_TLS_SERVER context, xrefs: 00007FFB0BE4B659
                                                                                                                                                                                                                                        • Cannot create a server socket with a PROTOCOL_TLS_CLIENT context, xrefs: 00007FFB0BE4B612
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424444971.00007FFB0BE40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424482051.00007FFB0BE4D000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424502993.00007FFB0BE5E000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424521434.00007FFB0BE5F000.00000008.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424540000.00007FFB0BE64000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424594066.00007FFB0BE65000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Eval_Thread$DeallocO_ctrlO_up_refObject_RestoreSave$L_ctrlL_get0_paramL_get_rbioL_get_verify_callbackL_get_verify_modeL_get_wbioL_newL_set_accept_stateL_set_bioL_set_connect_stateL_set_ex_dataL_set_fdL_set_post_handshake_authL_set_verifyM_set_hostflagsR_clear_errorTrackWeakref_X509_
                                                                                                                                                                                                                                        • String ID: Cannot create a client socket with a PROTOCOL_TLS_SERVER context$Cannot create a server socket with a PROTOCOL_TLS_CLIENT context
                                                                                                                                                                                                                                        • API String ID: 4263894999-1683031804
                                                                                                                                                                                                                                        • Opcode ID: 021450d91192f1cbb52dc595cded00625c73e7b12feb7ae27add990bffe47f42
                                                                                                                                                                                                                                        • Instruction ID: 05d2074122198d38c725ccee84cb21bc1a9fe6f256cbb728eb9f2dba07c7806c
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 021450d91192f1cbb52dc595cded00625c73e7b12feb7ae27add990bffe47f42
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7E912CB5A08B4282EA689F36E85493977A1FF89B94F04D935CA4F87774DF3CE8458700
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Size$Arg_Err_ParseTuple_$Sequence_malloc$ClearReferenceString$AllocateCheckCopyDeallocInitializeLengthTuplememset
                                                                                                                                                                                                                                        • String ID: (bbbbbb)O:SID$AllocateAndInitializeSid$SID buffer size beyond INT_MAX$s#:SID$sub authorities must be a sequence of integers.$sub authorities sequence size must be <= 8$|llllllll:SID$|n:SID
                                                                                                                                                                                                                                        • API String ID: 2034972351-3682999398
                                                                                                                                                                                                                                        • Opcode ID: 6000ef856ccf4ccd5e6f0fb91aab3a2e541e7a8ba8494327b4b40379e995bf2a
                                                                                                                                                                                                                                        • Instruction ID: 5684e6ffc94436591a5f0435925e0561e8a105fe57e87252b0d2d09b7c1815af
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6000ef856ccf4ccd5e6f0fb91aab3a2e541e7a8ba8494327b4b40379e995bf2a
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D58144F2A09E4299EB50CF35E4492E933A5FB88798F604136EA4D87758DF3CD564C740
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424444971.00007FFB0BE40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424482051.00007FFB0BE4D000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424502993.00007FFB0BE5E000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424521434.00007FFB0BE5F000.00000008.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424540000.00007FFB0BE64000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424594066.00007FFB0BE65000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Dealloc$Cert$From$StoreString$ErrorInternLastSet_Unicode_$Bytes_CertificateCertificatesCloseContextEnhancedEnumErr_FreeListOpenSequence_SizeTuple_UsageWindows
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 2957225168-0
                                                                                                                                                                                                                                        • Opcode ID: 9aeb70586f999dbe846e920ea26289f23c73863546ede52c525bded06eee1d85
                                                                                                                                                                                                                                        • Instruction ID: 792dbe536d55f650bfe45e1b17de5654dd9ecdb87ea590f199ca78316c26e287
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9aeb70586f999dbe846e920ea26289f23c73863546ede52c525bded06eee1d85
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D66119F1E4DA5681EA5D9FB1D91893962A0BF45BA0F09DC34C90F86BB0EF3DE8059304
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424444971.00007FFB0BE40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424482051.00007FFB0BE4D000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424502993.00007FFB0BE5E000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424521434.00007FFB0BE5F000.00000008.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424540000.00007FFB0BE64000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424594066.00007FFB0BE65000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Deadline_DeallocEval_O_ctrlThread$Err_InitL_get_rbioL_get_wbioL_set_read_aheadL_shutdownObjectRestoreSaveStringWeakref_
                                                                                                                                                                                                                                        • String ID: $The read operation timed out$The write operation timed out$Underlying socket connection gone$Underlying socket too large for select().
                                                                                                                                                                                                                                        • API String ID: 1084328889-1779898184
                                                                                                                                                                                                                                        • Opcode ID: fcb64e4327a2f2970ac02370823b6e86b95da0e106b9cc4c1a93ae8113ddc267
                                                                                                                                                                                                                                        • Instruction ID: 7c5c7c51ee5c5a9fc09ba673bc82c308d1d51d219c06be2578af1c2ab201a5f5
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fcb64e4327a2f2970ac02370823b6e86b95da0e106b9cc4c1a93ae8113ddc267
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 617172B5A08A4289EB698F36E854A7A6361FF89B94F44C931CE0F93675DF3CE445C300
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424444971.00007FFB0BE40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424482051.00007FFB0BE4D000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424502993.00007FFB0BE5E000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424521434.00007FFB0BE5F000.00000008.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424540000.00007FFB0BE64000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424594066.00007FFB0BE65000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Deadline_DeallocErr_Eval_O_ctrlThread$CheckFromInitL_get_rbioL_get_wbioL_write_exLong_ObjectR_clear_errorR_peek_last_errorRestoreSaveSignalsSize_tStringWeakref_
                                                                                                                                                                                                                                        • String ID: The write operation timed out$Underlying socket connection gone$Underlying socket has been closed.$Underlying socket too large for select().
                                                                                                                                                                                                                                        • API String ID: 919700936-3133696731
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424444971.00007FFB0BE40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424482051.00007FFB0BE4D000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424502993.00007FFB0BE5E000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424521434.00007FFB0BE5F000.00000008.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424540000.00007FFB0BE64000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424594066.00007FFB0BE65000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Dealloc$CertFrom$StoreString$InternSet_Unicode_$Bytes_CloseContextEnumErr_ErrorFreeLastListOpenSequence_SizeTuple_Windows
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 1063190953-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: DescriptorSecurityfree$DaclErr_String$Arg_GroupLengthOwnerParseTupleValid
                                                                                                                                                                                                                                        • String ID: SetSecurityDescriptorDacl$The object is not a PyACL object$iOi:SetSecurityDescriptorDacl
                                                                                                                                                                                                                                        • API String ID: 1359849467-4100764314
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB0BE41558: OBJ_obj2txt.LIBCRYPTO-1_1 ref: 00007FFB0BE4159D
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB0BE41558: PyUnicode_FromStringAndSize.PYTHON311 ref: 00007FFB0BE415C3
                                                                                                                                                                                                                                        • ASN1_STRING_type.LIBCRYPTO-1_1(?,?,?,?,00000000,00007FFB0BE44D1B), ref: 00007FFB0BE44E60
                                                                                                                                                                                                                                        • ASN1_STRING_length.LIBCRYPTO-1_1(?,?,?,?,00000000,00007FFB0BE44D1B), ref: 00007FFB0BE44E6E
                                                                                                                                                                                                                                        • ASN1_STRING_get0_data.LIBCRYPTO-1_1(?,?,?,?,00000000,00007FFB0BE44D1B), ref: 00007FFB0BE44E7A
                                                                                                                                                                                                                                        • _Py_BuildValue_SizeT.PYTHON311(?,?,?,?,00000000,00007FFB0BE44D1B), ref: 00007FFB0BE44E90
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB0BE46120: ERR_peek_last_error.LIBCRYPTO-1_1 ref: 00007FFB0BE46138
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB0BE46120: ERR_clear_error.LIBCRYPTO-1_1 ref: 00007FFB0BE46164
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424444971.00007FFB0BE40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424482051.00007FFB0BE4D000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424502993.00007FFB0BE5E000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424521434.00007FFB0BE5F000.00000008.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424540000.00007FFB0BE64000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424594066.00007FFB0BE65000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Size$BuildFromG_get0_dataG_lengthG_typeJ_obj2txtR_clear_errorR_peek_last_errorStringUnicode_Value_
                                                                                                                                                                                                                                        • String ID: D:\_w\1\s\Modules\_ssl.c$Ns#$Ny#
                                                                                                                                                                                                                                        • API String ID: 264388756-3560218125
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 313767242-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1428397998.00007FFB1BB11000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428322371.00007FFB1BB10000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428424791.00007FFB1BB17000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428449778.00007FFB1BB1C000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428581969.00007FFB1BB1E000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bb10000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 313767242-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429922505.00007FFB1D341000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB1D340000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1d340000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 313767242-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 313767242-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Bytes_FromO_freeR_clear_errorR_peek_last_errorSizeStringX509i2d_
                                                                                                                                                                                                                                        • String ID: D:\_w\1\s\Modules\_ssl.c
                                                                                                                                                                                                                                        • API String ID: 2720122973-1570913985
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1428397998.00007FFB1BB11000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bb10000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_memcmp
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 2788248766-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Module_$Constant$Object$String
• String ID: @SECLEVEL=2:ECDH+AESGCM:ECDH+CHACHA20:ECDH+AES:DHE+AES:!aNULL:!eNULL:!aDSS:!SHA1:!AESCCM$ALERT_DESCRIPTION_ACCESS_DENIED$ALERT_DESCRIPTION_BAD_CERTIFICATE$ALERT_DESCRIPTION_BAD_CERTIFICATE_HASH_VALUE$ALERT_DESCRIPTION_BAD_CERTIFICATE_STATUS_RESPONSE$ALERT_DESCRIPTION_BAD_RECORD_MAC$ALERT_DESCRIPTION_CERTIFICATE_EXPIRED$ALERT_DESCRIPTION_CERTIFICATE_REVOKED$ALERT_DESCRIPTION_CERTIFICATE_UNKNOWN$ALERT_DESCRIPTION_CERTIFICATE_UNOBTAINABLE$ALERT_DESCRIPTION_CLOSE_NOTIFY$ALERT_DESCRIPTION_DECODE_ERROR$ALERT_DESCRIPTION_DECOMPRESSION_FAILURE$ALERT_DESCRIPTION_DECRYPT_ERROR$ALERT_DESCRIPTION_HANDSHAKE_FAILURE$ALERT_DESCRIPTION_ILLEGAL_PARAMETER$ALERT_DESCRIPTION_INSUFFICIENT_SECURITY$ALERT_DESCRIPTION_INTERNAL_ERROR$ALERT_DESCRIPTION_NO_RENEGOTIATION$ALERT_DESCRIPTION_PROTOCOL_VERSION$ALERT_DESCRIPTION_RECORD_OVERFLOW$ALERT_DESCRIPTION_UNEXPECTED_MESSAGE$ALERT_DESCRIPTION_UNKNOWN_CA$ALERT_DESCRIPTION_UNKNOWN_PSK_IDENTITY$ALERT_DESCRIPTION_UNRECOGNIZED_NAME$ALERT_DESCRIPTION_UNSUPPORTED_CERTIFICATE$ALERT_DESCRIPTION_UNSUPPORTED_EXTENSION$ALERT_DESCRIPTION_USER_CANCELLED$CERT_NONE$CERT_OPTIONAL$CERT_REQUIRED$ENCODING_DER$ENCODING_PEM$HAS_ALPN$HAS_ECDH$HAS_NPN$HAS_SNI$HAS_SSLv2$HAS_SSLv3$HAS_TLS_UNIQUE$HAS_TLSv1$HAS_TLSv1_1$HAS_TLSv1_2$HAS_TLSv1_3$HOSTFLAG_ALWAYS_CHECK_SUBJECT$HOSTFLAG_MULTI_LABEL_WILDCARDS$HOSTFLAG_NEVER_CHECK_SUBJECT$HOSTFLAG_NO_PARTIAL_WILDCARDS$HOSTFLAG_NO_WILDCARDS$HOSTFLAG_SINGLE_LABEL_SUBDOMAINS$OP_ALL$OP_CIPHER_SERVER_PREFERENCE$OP_ENABLE_MIDDLEBOX_COMPAT$OP_NO_COMPRESSION$OP_NO_RENEGOTIATION$OP_NO_SSLv2$OP_NO_SSLv3$OP_NO_TICKET$OP_NO_TLSv1$OP_NO_TLSv1_1$OP_NO_TLSv1_2$OP_NO_TLSv1_3$OP_SINGLE_DH_USE$OP_SINGLE_ECDH_USE$PROTOCOL_SSLv23$PROTOCOL_TLS$PROTOCOL_TLS_CLIENT$PROTOCOL_TLS_SERVER$PROTOCOL_TLSv1$PROTOCOL_TLSv1_1$PROTOCOL_TLSv1_2$PROTO_MAXIMUM_SUPPORTED$PROTO_MINIMUM_SUPPORTED$PROTO_SSLv3$PROTO_TLSv1$PROTO_TLSv1_1$PROTO_TLSv1_2$PROTO_TLSv1_3$SSL_ERROR_EOF$SSL_ERROR_INVALID_ERROR_CODE$SSL_ERROR_SSL$SSL_ERROR_SYSCALL$SSL_ERROR_WANT_CONNECT$SSL_ERROR_WANT_READ$SSL_ERROR_WANT_WRITE$SSL_ERROR_WANT_X509_LOOKUP$SSL_ERROR_ZERO_RETURN$VERIFY_ALLOW_PROXY_CERTS$VERIFY_CRL_CHECK_CHAIN$VERIFY_CRL_CHECK_LEAF$VERIFY_DEFAULT$VERIFY_X509_PARTIAL_CHAIN$VERIFY_X509_STRICT$VERIFY_X509_TRUSTED_FIRST$_DEFAULT_CIPHERS
                                                                                                                                                                                                                                        • API String ID: 435332665-2778531764
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Dealloc$String$Dict_$Item$List_$X509_$From$SizeUnicode_$AppendE_printO_ctrlO_freeO_getsTupleX509_get0_notY_set$AfterBeforeE_entry_countE_get_entryErr_LongLong_O_newO_s_memX509_get_issuer_nameX509_get_subject_nameX509_get_versionY_get_dataY_get_object
                                                                                                                                                                                                                                        • String ID: OCSP$caIssuers$crlDistributionPoints$failed to allocate BIO$issuer$notAfter$notBefore$serialNumber$subject$subjectAltName$version
                                                                                                                                                                                                                                        • API String ID: 558561668-857226466
                                                                                                                                                                                                                                        • Opcode ID: 5c0970f7e8b1bc03234a08dec1953f7ce0db3864151ed45a9e2f0e22b19d1304
                                                                                                                                                                                                                                        • Instruction ID: 34c74459ae822ac57170c54be030c33f2b7922791260983d8686dbaa8237be49
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5c0970f7e8b1bc03234a08dec1953f7ce0db3864151ed45a9e2f0e22b19d1304
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A4D1F5A5B09B4382EA5D9B32E964A7963A1BF95B85F04CC31CD0FC6774EF6CE9048340
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Dealloc$ImportImport_Module$FreeMem__wcsdup
                                                                                                                                                                                                                                        • String ID: <Error getting traceback - cStringIO.StringIO() failed>$<Error getting traceback - can't find cStringIO.StringIO>$<Error getting traceback - can't find getvalue function>$<Error getting traceback - can't find traceback.print_exception>$<Error getting traceback - can't import cStringIO>$<Error getting traceback - can't import traceback>$<Error getting traceback - can't make print_exception arguments>$<Error getting traceback - getvalue() did not return a string>$<Error getting traceback - getvalue() failed.>$<Error getting traceback - traceback.print_exception() failed>$<NULL!!>$Getting WCHAR string$None is not a valid string in this context$OOOOOi$Objects of type '%s' can not be converted to Unicode.$StringIO$getvalue$print_exception$traceback
                                                                                                                                                                                                                                        • API String ID: 2735870070-3599414692
                                                                                                                                                                                                                                        • Opcode ID: 0e84dec2a1896dd2340810264128e36d7e52877ab06a193e2bf776317c418fff
                                                                                                                                                                                                                                        • Instruction ID: fad0bc48fb17d8e7470d0f3dc6e9e61a187e78ab49a2537564e457dc10697468
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0e84dec2a1896dd2340810264128e36d7e52877ab06a193e2bf776317c418fff
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C29108E1A0DE4281FA95DF35E85D2F923A3BF94BA8F644031D95E82754EF2CE5248301
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424444971.00007FFB0BE40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424482051.00007FFB0BE4D000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424502993.00007FFB0BE5E000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424521434.00007FFB0BE5F000.00000008.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424540000.00007FFB0BE64000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424594066.00007FFB0BE65000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_$DeallocR_clear_errorStringUnicode_X_set_default_passwd_cbX_set_default_passwd_cb_userdata$ConverterEval_ExceptionFreeMatchesMem_Thread_errno$Callable_CheckErrnoFormatFromRestoreSaveX_get_default_passwd_cbX_get_default_passwd_cb_userdataX_use_certificate_chain_file
                                                                                                                                                                                                                                        • String ID: certfile should be a valid filesystem path$keyfile should be a valid filesystem path$password should be a string or callable
                                                                                                                                                                                                                                        • API String ID: 3509269797-998072137
                                                                                                                                                                                                                                        • Opcode ID: 5e6fa0cdb46625f9f5d553099d87762a92b88a42e4cb417bf9dc453bbb2a16a2
                                                                                                                                                                                                                                        • Instruction ID: 4ef756ec758df8af51c8a504eb8357d5c43f4344e6f76b5ee7561fc1562fc1d1
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5e6fa0cdb46625f9f5d553099d87762a92b88a42e4cb417bf9dc453bbb2a16a2
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 45A1B9A6B09A4296EB189F71EC549792361FF89B99B14C831CE0F83A74CF7DE855C340
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424444971.00007FFB0BE40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424482051.00007FFB0BE4D000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424502993.00007FFB0BE5E000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424521434.00007FFB0BE5F000.00000008.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424540000.00007FFB0BE64000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424594066.00007FFB0BE65000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Module_$ObjectWith$Err_Exception$Dealloc$BasesFromPackSpecStateTuple_Type_
                                                                                                                                                                                                                                        • String ID: A certificate could not be verified.$Non-blocking SSL socket needs to read more databefore the requested operation can be completed.$Non-blocking SSL socket needs to write more databefore the requested operation can be completed.$SSL/TLS connection terminated abruptly.$SSL/TLS session closed cleanly.$SSLCertVerificationError$SSLEOFError$SSLError$SSLSyscallError$SSLWantReadError$SSLWantWriteError$SSLZeroReturnError$System error when attempting SSL operation.$ssl.SSLCertVerificationError$ssl.SSLEOFError$ssl.SSLSyscallError$ssl.SSLWantReadError$ssl.SSLWantWriteError$ssl.SSLZeroReturnError
                                                                                                                                                                                                                                        • API String ID: 2091157252-1330971811
                                                                                                                                                                                                                                        • Opcode ID: fc4050dd24ae07e49e1874c1e8eabbd8ca18ce129b1e7f8f018ed1c9d7c1ee11
                                                                                                                                                                                                                                        • Instruction ID: aa95bfc31cb82cb96f724b6e456a9d10f58e2d8aa3f2bfa9ffcb660df0e20d7e
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fc4050dd24ae07e49e1874c1e8eabbd8ca18ce129b1e7f8f018ed1c9d7c1ee11
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BD5117E1A19B0391FA589B76EC4496427A0FF49B94B00D835CA0FD3A74EF3CE55AC340
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • _Py_BuildValue_SizeT.PYTHON311(?,?,00000000,00000000,00000000,00007FFB0BE46164), ref: 00007FFB0BE4B085
                                                                                                                                                                                                                                        • PyDict_GetItemWithError.PYTHON311(?,?,00000000,00000000,00000000,00007FFB0BE46164), ref: 00007FFB0BE4B09E
                                                                                                                                                                                                                                        • _Py_Dealloc.PYTHON311(?,?,00000000,00000000,00000000,00007FFB0BE46164), ref: 00007FFB0BE4B0B0
                                                                                                                                                                                                                                        • PyErr_Occurred.PYTHON311(?,?,00000000,00000000,00000000,00007FFB0BE46164), ref: 00007FFB0BE4B0BB
                                                                                                                                                                                                                                        • PyLong_FromLong.PYTHON311(?,?,00000000,00000000,00000000,00007FFB0BE46164), ref: 00007FFB0BE4B0CC
                                                                                                                                                                                                                                        • PyDict_GetItemWithError.PYTHON311(?,?,00000000,00000000,00000000,00007FFB0BE46164), ref: 00007FFB0BE4B0E5
                                                                                                                                                                                                                                        • _Py_Dealloc.PYTHON311(?,?,00000000,00000000,00000000,00007FFB0BE46164), ref: 00007FFB0BE4B0F7
                                                                                                                                                                                                                                        • PyErr_Occurred.PYTHON311(?,?,00000000,00000000,00000000,00007FFB0BE46164), ref: 00007FFB0BE4B102
                                                                                                                                                                                                                                        • ERR_reason_error_string.LIBCRYPTO-1_1(?,?,00000000,00000000,00000000,00007FFB0BE46164), ref: 00007FFB0BE4B121
                                                                                                                                                                                                                                        • SSL_get_verify_result.LIBSSL-1_1(?,?,00000000,00000000,00000000,00007FFB0BE46164), ref: 00007FFB0BE4B164
                                                                                                                                                                                                                                        • PyLong_FromLong.PYTHON311(?,?,00000000,00000000,00000000,00007FFB0BE46164), ref: 00007FFB0BE4B16E
                                                                                                                                                                                                                                        • X509_verify_cert_error_string.LIBCRYPTO-1_1(?,?,00000000,00000000,00000000,00007FFB0BE46164), ref: 00007FFB0BE4B18C
                                                                                                                                                                                                                                        • PyUnicode_FromString.PYTHON311(?,?,00000000,00000000,00000000,00007FFB0BE46164), ref: 00007FFB0BE4B19A
                                                                                                                                                                                                                                        • PyUnicode_FromFormat.PYTHON311(?,?,00000000,00000000,00000000,00007FFB0BE46164), ref: 00007FFB0BE4B1C3
                                                                                                                                                                                                                                        • PyUnicode_FromFormat.PYTHON311(?,?,00000000,00000000,00000000,00007FFB0BE46164), ref: 00007FFB0BE4B1FF
                                                                                                                                                                                                                                        • PyUnicode_FromFormat.PYTHON311(?,?,00000000,00000000,00000000,00007FFB0BE46164), ref: 00007FFB0BE4B22C
                                                                                                                                                                                                                                        • PyUnicode_FromFormat.PYTHON311(?,?,00000000,00000000,00000000,00007FFB0BE46164), ref: 00007FFB0BE4B24E
                                                                                                                                                                                                                                        • PyUnicode_FromFormat.PYTHON311(?,?,00000000,00000000,00000000,00007FFB0BE46164), ref: 00007FFB0BE4B268
                                                                                                                                                                                                                                        • _Py_BuildValue_SizeT.PYTHON311(?,?,00000000,00000000,00000000,00007FFB0BE46164), ref: 00007FFB0BE4B28E
                                                                                                                                                                                                                                        • PyObject_CallObject.PYTHON311(?,?,00000000,00000000,00000000,00007FFB0BE46164), ref: 00007FFB0BE4B2AB
                                                                                                                                                                                                                                        • _Py_Dealloc.PYTHON311(?,?,00000000,00000000,00000000,00007FFB0BE46164), ref: 00007FFB0BE4B2BE
                                                                                                                                                                                                                                        • PyObject_SetAttr.PYTHON311(?,?,00000000,00000000,00000000,00007FFB0BE46164), ref: 00007FFB0BE4B2E5
                                                                                                                                                                                                                                        • PyObject_SetAttr.PYTHON311(?,?,00000000,00000000,00000000,00007FFB0BE46164), ref: 00007FFB0BE4B307
                                                                                                                                                                                                                                        • PyObject_SetAttr.PYTHON311(?,?,00000000,00000000,00000000,00007FFB0BE46164), ref: 00007FFB0BE4B331
                                                                                                                                                                                                                                        • PyObject_SetAttr.PYTHON311(?,?,00000000,00000000,00000000,00007FFB0BE46164), ref: 00007FFB0BE4B348
                                                                                                                                                                                                                                        • PyErr_SetObject.PYTHON311(?,?,00000000,00000000,00000000,00007FFB0BE46164), ref: 00007FFB0BE4B358
                                                                                                                                                                                                                                        • _Py_Dealloc.PYTHON311(?,?,00000000,00000000,00000000,00007FFB0BE46164), ref: 00007FFB0BE4B367
                                                                                                                                                                                                                                        • _Py_Dealloc.PYTHON311(?,?,00000000,00000000,00000000,00007FFB0BE46164), ref: 00007FFB0BE4B37B
                                                                                                                                                                                                                                        • _Py_Dealloc.PYTHON311(?,?,00000000,00000000,00000000,00007FFB0BE46164), ref: 00007FFB0BE4B38F
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424444971.00007FFB0BE40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424482051.00007FFB0BE4D000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424502993.00007FFB0BE5E000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424521434.00007FFB0BE5F000.00000008.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424540000.00007FFB0BE64000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424594066.00007FFB0BE65000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: From$DeallocUnicode_$FormatObject_$Attr$Err_$BuildDict_ErrorItemLongLong_ObjectOccurredSizeValue_With$CallL_get_verify_resultR_reason_error_stringStringX509_verify_cert_error_string
                                                                                                                                                                                                                                        • String ID: %s (_ssl.c:%d)$Hostname mismatch, certificate is not valid for '%S'.$IP address mismatch, certificate is not valid for '%S'.$[%S: %S] %s (_ssl.c:%d)$[%S: %S] %s: %S (_ssl.c:%d)$[%S] %s (_ssl.c:%d)$unknown error
                                                                                                                                                                                                                                        • API String ID: 628883730-2914327905
                                                                                                                                                                                                                                        • Opcode ID: dba1cea2827c054c204c8464f4bd01e403ea0ca836033e0a4bc9a359e4701733
                                                                                                                                                                                                                                        • Instruction ID: b088f296318b032edeb60ee3ec4f7a4e9a3d957761312ed0081f59a93c091c01
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: dba1cea2827c054c204c8464f4bd01e403ea0ca836033e0a4bc9a359e4701733
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C4A10CA1B09A5282EAA99F36E854A7A73A0BF45F95F04C835CD0F87774DF3CE8458300
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1428397998.00007FFB1BB11000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428322371.00007FFB1BB10000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428424791.00007FFB1BB17000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428449778.00007FFB1BB1C000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428581969.00007FFB1BB1E000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bb10000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Object_$Module_State$Arg_BufferDeallocDigestErr_Eval_P_get_digestbynameThread$Buffer_CheckD_flagsInit_exKeywordsMemoryParse_Py_hashtable_getReleaseRestoreSaveSizeStringTrueUnpackUpdateX_newX_set_flags
                                                                                                                                                                                                                                        • String ID: Buffer must be single dimension$Strings must be encoded before hashing$name must be a string$object supporting the buffer API required$unsupported hash type %s
                                                                                                                                                                                                                                        • API String ID: 3145466953-2464896590
                                                                                                                                                                                                                                        • Opcode ID: ad77a5c88c3a27c808189bec7979a5edf68e09f480da6ffb44da56f19c7409f0
                                                                                                                                                                                                                                        • Instruction ID: bea2227efed0d8d1ec3fff3b4e241876bb38c010ff3f3895aafc36f004762af4
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ad77a5c88c3a27c808189bec7979a5edf68e09f480da6ffb44da56f19c7409f0
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D5C1F5E9A08E42C1EA748B32F85437A62A2FF85BA4F54E131DD4E17EB4DF2CE5458700
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • GetExplicitEntriesFromAclW.ADVAPI32 ref: 00007FFB1C4F25F3
                                                                                                                                                                                                                                        • PyTuple_New.PYTHON311 ref: 00007FFB1C4F2621
                                                                                                                                                                                                                                        • PyErr_SetString.PYTHON311 ref: 00007FFB1C4F26C7
                                                                                                                                                                                                                                        • Py_BuildValue.PYTHON311 ref: 00007FFB1C4F2826
                                                                                                                                                                                                                                        • PyTuple_SetItem.PYTHON311 ref: 00007FFB1C4F283A
                                                                                                                                                                                                                                        • LocalFree.KERNEL32 ref: 00007FFB1C4F28AD
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FC0A0: GetLastError.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFB1C4F786D,?,?,00000000,00007FFB1C4F7BE2,?,?,?,00007FFB1C4F1911), ref: 00007FFB1C4FC0BB
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FC0A0: FormatMessageW.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFB1C4F786D,?,?,00000000,00007FFB1C4F7BE2,?,?,?,00007FFB1C4F1911), ref: 00007FFB1C4FC12A
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FC0A0: PyUnicode_DecodeMBCS.PYTHON311(?,?,?,?,?,00000000,00000000,00007FFB1C4F786D,?,?,00000000,00007FFB1C4F7BE2,?,?,?,00007FFB1C4F1911), ref: 00007FFB1C4FC1FB
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FC0A0: _Py_BuildValue_SizeT.PYTHON311(?,?,?,?,?,00000000,00000000,00007FFB1C4F786D,?,?,00000000,00007FFB1C4F7BE2,?,?,?,00007FFB1C4F1911), ref: 00007FFB1C4FC210
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FC0A0: LocalFree.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFB1C4F786D,?,?,00000000,00007FFB1C4F7BE2,?,?,?,00007FFB1C4F1911), ref: 00007FFB1C4FC228
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FC0A0: PyErr_SetObject.PYTHON311(?,?,?,?,?,00000000,00000000,00007FFB1C4F786D,?,?,00000000,00007FFB1C4F7BE2,?,?,?,00007FFB1C4F1911), ref: 00007FFB1C4FC23D
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FC0A0: _Py_Dealloc.PYTHON311(?,?,?,?,?,00000000,00000000,00007FFB1C4F786D,?,?,00000000,00007FFB1C4F7BE2,?,?,?,00007FFB1C4F1911), ref: 00007FFB1C4FC24C
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: BuildErr_FreeLocalTuple_$DeallocDecodeEntriesErrorExplicitFormatFromItemLastMessageObjectSizeStringUnicode_ValueValue_
                                                                                                                                                                                                                                        • String ID: AccessMode$AccessPermissions$GetExplicitEntriesFromAcl$Identifier$Inheritance$Invalid value for TrusteeForm$MultipleTrustee$MultipleTrusteeOperation$Trustee$TrusteeForm$TrusteeForm not yet supported$TrusteeType${s:O,s:l,s:l,s:l,s:N}${s:l,s:l,s:l,s:N}
                                                                                                                                                                                                                                        • API String ID: 2366750547-3224252679
                                                                                                                                                                                                                                        • Opcode ID: 076558b2244a8d0a7deb2a20515aa9d607667201652d5d87c3c46e02e8169b79
                                                                                                                                                                                                                                        • Instruction ID: 4eee1b1c5e4130079850b810e5fdff1410483a133643377572d998f75d5b22a7
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 076558b2244a8d0a7deb2a20515aa9d607667201652d5d87c3c46e02e8169b79
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 99815CF5A0CF4686EBA08F65E4492EA73A2FB85BA4F644135CA4D83764DF3CE564C700
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1428397998.00007FFB1BB11000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428322371.00007FFB1BB10000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428424791.00007FFB1BB17000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428449778.00007FFB1BB1C000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428581969.00007FFB1BB1E000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bb10000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Module_Object_P_get_digestbynameState$BufferBuffer_Err_Eval_ReleaseStringThread$CheckD_flagsDeallocDigestInit_exPy_hashtable_getRestoreSaveX_newX_set_flags
                                                                                                                                                                                                                                        • String ID: Buffer must be single dimension$Strings must be encoded before hashing$object supporting the buffer API required$unsupported hash type %s
                                                                                                                                                                                                                                        • API String ID: 1905720158-26133693
                                                                                                                                                                                                                                        • Opcode ID: 47409d1aec3ef5560f1750d474ac67ceef21e75c20c3046fa5d61b908efa926e
                                                                                                                                                                                                                                        • Instruction ID: 96ab2bb2c880b756dc7e7c4749d340e140e7c4b0978da0cbba733f9d8c5408bc
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 47409d1aec3ef5560f1750d474ac67ceef21e75c20c3046fa5d61b908efa926e
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 74911AE9E08E42C1EA749B32F84437B62A6FF85BA0F14E131D94E03EB4DE2CE4558640
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_$Dealloc$String$BuildLongNumber_Object_Value$ArgumentAttrCallCheckClearFormatLong_ObjectOccurredSubtypeType__mktime64
                                                                                                                                                                                                                                        • String ID: (d)$Objects of type '%s' can not be used as a time object$iiiiiiiii|i$mktime argument out of range$timetuple$year out of range
                                                                                                                                                                                                                                        • API String ID: 2536892105-3179837657
                                                                                                                                                                                                                                        • Opcode ID: 04a92b17f9ec1e763b462e936843c1099fb77a7567010bb83fa9703981d2fb4e
                                                                                                                                                                                                                                        • Instruction ID: aab1f9405a6b5f242f8c10d226cffc33cd8f026e54380b49f808c92192fc9eb0
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 04a92b17f9ec1e763b462e936843c1099fb77a7567010bb83fa9703981d2fb4e
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 619172F1A09E4289EB958F35E8592F933A2FF85BA8F644135D90E86754EF3CE065C700
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
• Associated: 00000002.00000002.1424444971.00007FFB0BE40000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424482051.00007FFB0BE4D000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424502993.00007FFB0BE5E000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424521434.00007FFB0BE5F000.00000008.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424540000.00007FFB0BE64000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424594066.00007FFB0BE65000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: J_nid2ln$BuildR_descriptionR_get_auth_nidR_get_bitsR_get_cipher_nidR_get_digest_nidR_get_idR_get_kx_nidR_get_nameR_get_versionR_is_aeadSizeValue_memset
                                                                                                                                                                                                                                        • String ID: aead$alg_bits$auth$description$digest$kea$name$protocol$strength_bits$symmetric${sksssssssisisOssssssss}
                                                                                                                                                                                                                                        • API String ID: 2466739568-4085912083
                                                                                                                                                                                                                                        • Opcode ID: ddcf11265b4034aed17dc42ce36f132dbccb6f3bb432ad2af651c2844ee33281
                                                                                                                                                                                                                                        • Instruction ID: 365d01c71fd083d10933257586f9cf27706402bfafc107e68d32d01a25a5e80b
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ddcf11265b4034aed17dc42ce36f132dbccb6f3bb432ad2af651c2844ee33281
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B5614F75A09B8285EB648B31F844AAA73A4FB88790F449A36D99FC3774DF3CE444C700
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
• Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: AddressProc$CriticalSection$AllocDeleteFreeHandleInitializeLibraryLoadModule
                                                                                                                                                                                                                                        • String ID: AddAccessAllowedAce$AddAccessAllowedAceEx$AddAccessAllowedObjectAce$AddAccessDeniedAce$AddAccessDeniedAceEx$AddAccessDeniedObjectAce$AddAuditAccessAceEx$AddAuditAccessObjectAce$AddMandatoryAce$AdvAPI32.dll$SetSecurityDescriptorControl
                                                                                                                                                                                                                                        • API String ID: 3842108915-2689366622
                                                                                                                                                                                                                                        • Opcode ID: 3aca993286b1ba4464cb2b6ba007b0c5f8273e4294652cfb321a56ea0970db2b
                                                                                                                                                                                                                                        • Instruction ID: 3b2cfe30ca72ac9010bb3a0dae16cebc327e4e38370dfe034be4d49c1be34771
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3aca993286b1ba4464cb2b6ba007b0c5f8273e4294652cfb321a56ea0970db2b
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3D51A6E5B09F06D5EE85DB25FCAE1B573A2AF98BA5F641035D84E83321DF3CA4588700
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • PyWeakref_GetObject.PYTHON311(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFB0BE49172), ref: 00007FFB0BE491DD
                                                                                                                                                                                                                                        • PyErr_SetString.PYTHON311(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFB0BE49172), ref: 00007FFB0BE4920A
                                                                                                                                                                                                                                        • PyBytes_FromStringAndSize.PYTHON311(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFB0BE49172), ref: 00007FFB0BE49256
                                                                                                                                                                                                                                        • _Py_Dealloc.PYTHON311(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFB0BE49172), ref: 00007FFB0BE49280
                                                                                                                                                                                                                                        • PyErr_SetString.PYTHON311(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFB0BE49172), ref: 00007FFB0BE492C6
                                                                                                                                                                                                                                        • SSL_get_rbio.LIBSSL-1_1(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFB0BE49172), ref: 00007FFB0BE492EE
                                                                                                                                                                                                                                        • BIO_ctrl.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFB0BE49172), ref: 00007FFB0BE49303
                                                                                                                                                                                                                                        • SSL_get_wbio.LIBSSL-1_1(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFB0BE49172), ref: 00007FFB0BE4930D
                                                                                                                                                                                                                                        • BIO_ctrl.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFB0BE49172), ref: 00007FFB0BE4931E
                                                                                                                                                                                                                                        • _PyDeadline_Init.PYTHON311 ref: 00007FFB0BE4933A
                                                                                                                                                                                                                                        • PyEval_SaveThread.PYTHON311(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFB0BE49172), ref: 00007FFB0BE4934D
                                                                                                                                                                                                                                        • SSL_read_ex.LIBSSL-1_1(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFB0BE49172), ref: 00007FFB0BE49365
                                                                                                                                                                                                                                        • PyEval_RestoreThread.PYTHON311(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFB0BE49172), ref: 00007FFB0BE49399
                                                                                                                                                                                                                                        • PyErr_CheckSignals.PYTHON311(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFB0BE49172), ref: 00007FFB0BE493AE
                                                                                                                                                                                                                                        • _PyDeadline_Get.PYTHON311(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFB0BE49172), ref: 00007FFB0BE493C8
                                                                                                                                                                                                                                        • _Py_Dealloc.PYTHON311(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFB0BE49172), ref: 00007FFB0BE49497
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB0BE46120: ERR_peek_last_error.LIBCRYPTO-1_1 ref: 00007FFB0BE46138
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB0BE46120: ERR_clear_error.LIBCRYPTO-1_1 ref: 00007FFB0BE46164
                                                                                                                                                                                                                                        • SSL_get_shutdown.LIBSSL-1_1(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFB0BE49172), ref: 00007FFB0BE49419
                                                                                                                                                                                                                                        • _Py_Dealloc.PYTHON311(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFB0BE49172), ref: 00007FFB0BE4945D
                                                                                                                                                                                                                                        • _PyBytes_Resize.PYTHON311(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFB0BE49172), ref: 00007FFB0BE49470
                                                                                                                                                                                                                                        • _Py_Dealloc.PYTHON311(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFB0BE49172), ref: 00007FFB0BE494BD
                                                                                                                                                                                                                                        • PyLong_FromSize_t.PYTHON311(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFB0BE49172), ref: 00007FFB0BE494CC
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
• Associated: 00000002.00000002.1424444971.00007FFB0BE40000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424482051.00007FFB0BE4D000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424502993.00007FFB0BE5E000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424521434.00007FFB0BE5F000.00000008.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424540000.00007FFB0BE64000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424594066.00007FFB0BE65000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Dealloc$Err_String$Bytes_Deadline_Eval_FromO_ctrlThread$CheckInitL_get_rbioL_get_shutdownL_get_wbioL_read_exLong_ObjectR_clear_errorR_peek_last_errorResizeRestoreSaveSignalsSizeSize_tWeakref_
                                                                                                                                                                                                                                        • String ID: The read operation timed out$Underlying socket connection gone$maximum length can't fit in a C 'int'$size should not be negative
                                                                                                                                                                                                                                        • API String ID: 2735577670-665203206
                                                                                                                                                                                                                                        • Opcode ID: 945903b042e6fcb75e0c556a2810d23f13ead71ea5e61f21a7661f1de0b6fb1f
                                                                                                                                                                                                                                        • Instruction ID: 09de1a455c2ac182b85e51a9b1bb90957937af7ee3d6602d4eab7b0114bddf88
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 945903b042e6fcb75e0c556a2810d23f13ead71ea5e61f21a7661f1de0b6fb1f
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E1A143A5E09A1289EB699B72E840D7A23A1FF85B94F05CD35CD0F97A75DF3CE8458300
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
• Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Dealloc$Err_Sequence_String$Arg_FreeParseTuple$CheckEntriesItemKeywordsLocalMem_SizeTuple_freemallocmemset
                                                                                                                                                                                                                                        • String ID: EXPLICIT_ACCESS must be a dictionary containing {AccessPermissions:int,AccessMode:int,Inheritance:int,Trustee:<o PyTRUSTEE>}$O:SetEntriesInAcl$Parm must be a list of EXPLICIT_ACCESS dictionaries$SetEntriesInAcl$SetEntriesInAcl: unable to allocate EXPLICIT_ACCESS_W$lllO
                                                                                                                                                                                                                                        • API String ID: 1438466550-1140684800
                                                                                                                                                                                                                                        • Opcode ID: 5011e2145377e9c7141fba0bfdc4dfcb201d811c217c2a0fc5dbb51bb2cef7ba
                                                                                                                                                                                                                                        • Instruction ID: 3226ce33ff283bbc30ff8136231059fd91332c8df69a45a4e9e217d1d96995bb
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5011e2145377e9c7141fba0bfdc4dfcb201d811c217c2a0fc5dbb51bb2cef7ba
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D5814CE1A0DF4285EA909B35E8592FA63A2FF85BA8F645035DE4E83754DF3CE465C300
Memory Dump Source
• Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
• Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_String$Buffer_FormatFromRelease$Arg_BufferCharFreeMem_Object_ParseProgReferenceTupleUnicode_Widemalloc
                                                                                                                                                                                                                                        • String ID: <NULL!!>$Buffer cannot be None$Buffer length can be at most %d characters$Getting WCHAR string$None is not a valid string in this context$Objects of type '%s' can not be converted to Unicode.$O|i$string too small - must be at least %d bytes (got %d)
                                                                                                                                                                                                                                        • API String ID: 4105764891-2902820477
                                                                                                                                                                                                                                        • Opcode ID: 7c8a7ddfe8fc359a3121d9237b4f18d7d0dc5cc7a48ff25f96afe01087c70408
                                                                                                                                                                                                                                        • Instruction ID: 39f8b0137a59ddd9396b7efa1c08cf07a4033e5cdce269cceb5bd887e9d8a52a
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7c8a7ddfe8fc359a3121d9237b4f18d7d0dc5cc7a48ff25f96afe01087c70408
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4D81E8F1A08F4285EB90CB79D8691F823A2BB84BA8F645436DE0E97655DF3CE564C340
Memory Dump Source
• Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
• Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_$DescriptorSecurity$String$Arg_Buffer_ParseReleaseTuplefreemalloc$BufferClearControlDeallocFormatInitializeLengthObject_OccurredReferenceValid
                                                                                                                                                                                                                                        • String ID: Buffer cannot be None$Buffer length can be at most %d characters$Data is not a valid security descriptor$O:SECURITY_DESCRIPTOR$Security descriptor created from a buffer must be self relative$Security descriptors are not supported on this platform$|l:SECURITY_DESCRIPTOR
                                                                                                                                                                                                                                        • API String ID: 929864077-2729865943
                                                                                                                                                                                                                                        • Opcode ID: f862258e2af5a6a23ef2f718808bc24a30f64c157d983f0b14ad3e8b599c8366
                                                                                                                                                                                                                                        • Instruction ID: 4aa631c97f7ee7c5243cf684829a1afb47efed65b8c34343fff9906d8f499445
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f862258e2af5a6a23ef2f718808bc24a30f64c157d983f0b14ad3e8b599c8366
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9B51FAE1A0CE4281EA94DB39E9592F923A3FB84BB4F645035D94E87A55DF2CE465C300
Memory Dump Source
• Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
• Associated: 00000002.00000002.1424444971.00007FFB0BE40000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424482051.00007FFB0BE4D000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424502993.00007FFB0BE5E000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424521434.00007FFB0BE5F000.00000008.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424540000.00007FFB0BE64000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424594066.00007FFB0BE65000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Dealloc$Err_State_$ReleaseUnraisableWrite$ArgsCallFunctionObjectObject_$EncodedEnsureFromL_get_ex_dataL_get_servernameLongLong_OccurredUnicode_Weakref_
                                                                                                                                                                                                                                        • String ID: ascii
                                                                                                                                                                                                                                        • API String ID: 3188396730-3510295289
                                                                                                                                                                                                                                        • Opcode ID: 2fba3a55ba37abf2399f2e0f9378455664650a47cc484c71c1fad3767778a072
                                                                                                                                                                                                                                        • Instruction ID: 055c6fb3204678e1c8dca8efc0ef202ae68ed39aebe6ff232249dd80bf077bec
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2fba3a55ba37abf2399f2e0f9378455664650a47cc484c71c1fad3767778a072
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6F511BA5A09A5286EA1C9F72D81893963A0BF49FD5F04C870DE4F87B74DF3CA8469304
Memory Dump Source
• Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
• Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: AbsoluteErr_FormatMakemallocmemset
                                                                                                                                                                                                                                        • String ID: ($MakeAbsoluteSD$Unable to allocate %d bytes
                                                                                                                                                                                                                                        • API String ID: 1436552674-2130869594
                                                                                                                                                                                                                                        • Opcode ID: 7b89670e49b0c6407a91c96c15a41b1109f55394a14dfb259d937d1881367653
                                                                                                                                                                                                                                        • Instruction ID: a57d3524e45f5f06303e01bd3124e1eee0ce43624055b71811a445b921a6a6cc
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7b89670e49b0c6407a91c96c15a41b1109f55394a14dfb259d937d1881367653
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 81811DB1B09E428AEB95CF76E4486E937A2BB88BA8F244035DD4DC7754EF3CD5648700
Memory Dump Source
• Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
• Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: BuildErr_StringValue$CharFromUnicode_Wide
                                                                                                                                                                                                                                        • String ID: AccessMode$AccessPermissions$Identifier$Inheritance$Invalid value for TrusteeForm$MultipleTrustee$MultipleTrusteeOperation$Trustee$TrusteeForm$TrusteeForm not yet supported$TrusteeType${s:O,s:l,s:l,s:l,s:N}${s:l,s:l,s:l,s:N}
                                                                                                                                                                                                                                        • API String ID: 4150572817-4268317626
                                                                                                                                                                                                                                        • Opcode ID: 4d78b767f85eab951b420422917a575843dcbcb316b5037d3ebce16347387039
                                                                                                                                                                                                                                        • Instruction ID: 633175293e27b3f24c4709710b30e0fd189e70446dd6a8f7b8f10ce4f0d381fc
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4d78b767f85eab951b420422917a575843dcbcb316b5037d3ebce16347387039
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8E512CF1A08F4286E7A18F65E8491E973A2FB88B74F604135DA8E83764DF3CE565C700
Memory Dump Source
• Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
• Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_$Format$AccessAuditObjectfree$Arg_ErrorLastLengthParseStringTuplemallocmemcpymemset
                                                                                                                                                                                                                                        • String ID: %s: adding ACE would put ACL over size limit$AddAuditAccessObjectAce$AddAuditAccessObjectAce not supported by this version of Windows$AddAuditAccessObjectAce: unable to allocated %d bytes$PyACL::AddAuditAccessObjectAce$The object is not a PySID object$lllOOOii:AddAuditAccessObjectAce
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1428397998.00007FFB1BB11000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bb10000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Buffer_$Arg_BufferContiguousObject_Release$ArgumentErr_KeywordsLongLong_OccurredSizeUnicode_Unpack
                                                                                                                                                                                                                                        • String ID: argument 'hash_name'$argument 'password'$argument 'salt'$contiguous buffer$embedded null character$pbkdf2_hmac$str
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1428397998.00007FFB1BB11000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bb10000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: ReadyUnicode_$Arg_Bool_CheckFromLongPositional
                                                                                                                                                                                                                                        • String ID: Buffer must be single dimension$compare_digest$comparing strings with non-ASCII characters is not supported$unsupported operand types(s) or combination of types: '%.100s' and '%.100s'
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_$Arg_FormatParseStringTuple
                                                                                                                                                                                                                                        • String ID: %s: adding ACE would put ACL over size limit$AddAuditAccessAceEx$AddAuditAccessAceEx not supported by this version of Windows$AddAuditAccessAceEx: unable to allocated %d bytes$PyACL::AddAuditAccessAceEx$The object is not a PySID object$lllOii:AddAuditAccessAceEx
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: DeallocList_$X509_$AppendTuple$Y_set$E_entry_countE_get_entryY_get_dataY_get_object
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_$DeallocFormatString$CharFreeMem_Sequence_TupleUnicode_Widefreemallocmemset
                                                                                                                                                                                                                                        • String ID: <NULL!!>$Getting WCHAR string$None is not a valid string in this context$Objects of type '%s' can not be converted to Unicode.$Sequence can contain at most %d items$Unable to allocate %d bytes
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424444971.00007FFB0BE40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424482051.00007FFB0BE4D000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424502993.00007FFB0BE5E000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424521434.00007FFB0BE5F000.00000008.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424540000.00007FFB0BE64000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424594066.00007FFB0BE65000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: R_clear_errorR_peek_last_error$E_add_certErr_M_read_bio_O_freeO_new_mem_bufStringX509X509_X509_bioX509_freeX_get_cert_storeX_get_default_passwd_cbX_get_default_passwd_cb_userdatad2i_
                                                                                                                                                                                                                                        • String ID: Can't allocate buffer$Certificate data is too long.$Empty certificate data$no start line: cadata does not contain a certificate$not enough data: cadata does not contain a certificate
                                                                                                                                                                                                                                        • API String ID: 3308083359-3246380861
                                                                                                                                                                                                                                        • Opcode ID: e6d07f062fb0358ed7e1a05e2d366fada6e223b622169d5ae3386714d4c76579
                                                                                                                                                                                                                                        • Instruction ID: 7a8e4b5d13f471f293936f246608d6c08e861c57136f32b1aebf6ad825fbf4b4
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e6d07f062fb0358ed7e1a05e2d366fada6e223b622169d5ae3386714d4c76579
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 265153A1B08A4381FB689B36EC51B3962A1AF84B94F14CD31D91FC27F4DF7CE4499204
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_$AccessAuditFormatfree$Arg_ErrorLastLengthParseStringTuplemallocmemcpymemset
                                                                                                                                                                                                                                        • String ID: %s: adding ACE would put ACL over size limit$AddAuditAccessAce$AddAuditAccessAce: unable to allocated %d bytes$PyACL::AddAuditAccessAce$The object is not a PySID object$llOii:AddAuditAccessAce
                                                                                                                                                                                                                                        • API String ID: 3041754842-240227349
                                                                                                                                                                                                                                        • Opcode ID: 3dcef9d2ccd5cb51284195cde2a8345c56429cb37018eecb45fe48e5d0d538b2
                                                                                                                                                                                                                                        • Instruction ID: a7596cf861e8af9a587710db71c2ba9a3c3fe919618466cd4845be668e2bfe88
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3dcef9d2ccd5cb51284195cde2a8345c56429cb37018eecb45fe48e5d0d538b2
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 45513DE1A0CE5286EB91DF75E8495F933A2FB84BA8F644031D94E83660DF3CE8658700
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424444971.00007FFB0BE40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424482051.00007FFB0BE4D000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424502993.00007FFB0BE5E000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424521434.00007FFB0BE5F000.00000008.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424540000.00007FFB0BE64000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424594066.00007FFB0BE65000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Dealloc$Module_State
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 3434497292-0
                                                                                                                                                                                                                                        • Opcode ID: 348124a19f88635d02222b8638982e6a6c3c39815ab1a4fa2bb51ff579068cd2
                                                                                                                                                                                                                                        • Instruction ID: cc65475bba02490d49846d2501b09c14c2f4778795fa843f770bffa337ac30d8
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 348124a19f88635d02222b8638982e6a6c3c39815ab1a4fa2bb51ff579068cd2
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 338127B5A0EA4281EF5D8FB4D854A3837A4BF45B54B18CD30CA0F96A74CF2DE846E301
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: free$DescriptorSecurity$Err_Group$Arg_DaclFormatOwnerParseSaclStringTupleValidmalloc
                                                                                                                                                                                                                                        • String ID: Oi:SetSecurityDescriptorOwner$SetSecurityDescriptorGroup$SetSecurityDescriptorGroup - invalid sid$The object is not a PySID object
                                                                                                                                                                                                                                        • API String ID: 1524979833-2851344522
                                                                                                                                                                                                                                        • Opcode ID: 541d7a5ee6d273b6fb06ed28cfe26874c32064b770cf705c48eb8a5521007eeb
                                                                                                                                                                                                                                        • Instruction ID: 240f88d289f06be18452885356339a02adf15d2cbcb803cb784009c2b75f2a97
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 541d7a5ee6d273b6fb06ed28cfe26874c32064b770cf705c48eb8a5521007eeb
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A55150E2B08E2296FB559F79D8581F923A2BF81BA8F644036DD0D87654EF3CE465C300
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424444971.00007FFB0BE40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424482051.00007FFB0BE4D000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424502993.00007FFB0BE5E000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424521434.00007FFB0BE5F000.00000008.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424540000.00007FFB0BE64000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424594066.00007FFB0BE65000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Bytes_DeallocDecodeDefaultFromStringUnicode_$BuildSizeValue_X509_get_default_cert_dirX509_get_default_cert_dir_envX509_get_default_cert_fileX509_get_default_cert_file_env
                                                                                                                                                                                                                                        • String ID: NNNN
                                                                                                                                                                                                                                        • API String ID: 3186749377-3742719684
                                                                                                                                                                                                                                        • Opcode ID: 49d7f82aaab7bd3c7d6127b06c8bb1c0969c692ca552abbbf15c5539518aa652
                                                                                                                                                                                                                                        • Instruction ID: 2b1122fbab74fbdcdcd798a2763b66d49082e762e3e47d96ff7f28c693d4f498
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 49d7f82aaab7bd3c7d6127b06c8bb1c0969c692ca552abbbf15c5539518aa652
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3351EAA9A49B5285EA5D5F32E92493863A0BF55FA4B08EC70CD0F87774EF2CE8058700
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: String$Err_$CharUnicode_Wide
                                                                                                                                                                                                                                        • String ID: <NULL!!>$Attributes of PyDEVMODEW can't be deleted$FormName must be a string of length %d or less$Getting WCHAR string$None is not a valid string in this context$Objects of type '%s' can not be converted to Unicode.$value is larger than a DWORD
                                                                                                                                                                                                                                        • API String ID: 3849944921-358745228
                                                                                                                                                                                                                                        • Opcode ID: bb702bbc527cdb3c245de78f8c97d6ccff8782c7fc741a3651b7019fb50b98bb
                                                                                                                                                                                                                                        • Instruction ID: 5ac4b58350f92f2d7d18f7df13d7cb7b4b34472b78577a2432f4d669e3f4522c
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bb702bbc527cdb3c245de78f8c97d6ccff8782c7fc741a3651b7019fb50b98bb
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AF4121E5E1CF4281EA90DB39E4991B92362FFC5BA4F205131DA4E877A5DF2CE4A5C700
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: String$Err_$CharUnicode_Wide
                                                                                                                                                                                                                                        • String ID: <NULL!!>$Attributes of PyDEVMODEW can't be deleted$DeviceName must be a string of length %d or less$Getting WCHAR string$None is not a valid string in this context$Objects of type '%s' can not be converted to Unicode.$value is larger than a DWORD
                                                                                                                                                                                                                                        • API String ID: 3849944921-3701856451
                                                                                                                                                                                                                                        • Opcode ID: d79b39d8728e63a764bf86fb75a928e8a4f65e4e8cc2b8ba1e2f33227afb13df
                                                                                                                                                                                                                                        • Instruction ID: eb39c05eecaad3249ce86c0f75c6e176b47f0b426e5e375dc8f2efff691a4ace
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d79b39d8728e63a764bf86fb75a928e8a4f65e4e8cc2b8ba1e2f33227afb13df
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6B4145E1A1CF4281EA90DF39E4991B96362FFD5BB4F206131DA4E87665DF2CE4A5C300
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_String$CharClearFreeMem_Unicode_Wide
                                                                                                                                                                                                                                        • String ID: <NULL!!>$None is not a valid string in this context$Objects of type '%s' can not be converted to Unicode.$Only strings and iids can be converted to a CLSID.$value is larger than a DWORD
                                                                                                                                                                                                                                        • API String ID: 443722841-2914159855
                                                                                                                                                                                                                                        • Opcode ID: 8c3c9c6cee21fdce0929d80b92a6c91a104492d3a9c3175e1a72a22aa85cbfbe
                                                                                                                                                                                                                                        • Instruction ID: c7546c62e5c425f625a9938170514b3ee0d622da8674063d62ced2071c0a1f1d
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8c3c9c6cee21fdce0929d80b92a6c91a104492d3a9c3175e1a72a22aa85cbfbe
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C04107F1A0CF4281EA908B39E45D2B92362BFC8BA8F644131D94E87765DF6CE464C740
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424444971.00007FFB0BE40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424482051.00007FFB0BE4D000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424502993.00007FFB0BE5E000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424521434.00007FFB0BE5F000.00000008.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424540000.00007FFB0BE64000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424594066.00007FFB0BE65000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_$Eval_FetchState_Thread_errno$EnsureErrnoFilenameFromL_get_ex_dataO_ctrlO_printfObjectReleaseRestoreSaveStringThread_acquire_lockThread_allocate_lockThread_release_lockWith
                                                                                                                                                                                                                                        • String ID: %s$Unable to allocate lock
                                                                                                                                                                                                                                        • API String ID: 2873158514-852672932
                                                                                                                                                                                                                                        • Opcode ID: 785be62ff85d01a7c160658270c85252f1b519afee15b3583a12f4e98b953541
                                                                                                                                                                                                                                        • Instruction ID: e5a6996c15bb298f734eca10e4b124fc291af8f26aa0c0af7ab2239dc5b197e6
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 785be62ff85d01a7c160658270c85252f1b519afee15b3583a12f4e98b953541
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7541B5B5A08A4696EB149F36E854A697370FB88B95F40C935CA4F83774DF7CE889C700
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_$Buffer_CharFormatFromReleaseSizeUnicode_Wide$Arg_BufferBuildDeallocMessageObjectObject_ParseStringTuple_Value_wsprintf
                                                                                                                                                                                                                                        • String ID: Buffer cannot be None$Buffer length can be at most %d characters$COM Error 0x%x$iNzz
                                                                                                                                                                                                                                        • API String ID: 4138729927-2401320735
                                                                                                                                                                                                                                        • Opcode ID: d9d08c755b3a2afc3ee69d8f2ba35acd1eb453648e209ecf59e4b45c58c1c15a
                                                                                                                                                                                                                                        • Instruction ID: cf5e5b276e219536fb3e951526dd9f8ad8e07270e0d91f5e62755eeab5106ad1
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d9d08c755b3a2afc3ee69d8f2ba35acd1eb453648e209ecf59e4b45c58c1c15a
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A05147E1A0CE4281EBB09B35E8592F963A2FFC47A4F640135DA8E836A4DF7CD4648704
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1428397998.00007FFB1BB11000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428322371.00007FFB1BB10000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428424791.00007FFB1BB17000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428449778.00007FFB1BB1C000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428581969.00007FFB1BB1E000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bb10000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Buffer_Release$BufferDigestErr_Eval_Object_StringThreadUpdate$CheckRestoreSaveThread_acquire_lockThread_allocate_lockThread_release_lock
                                                                                                                                                                                                                                        • String ID: Buffer must be single dimension$Strings must be encoded before hashing$object supporting the buffer API required
                                                                                                                                                                                                                                        • API String ID: 3566613315-2943709887
                                                                                                                                                                                                                                        • Opcode ID: f2a7dd72decaf4036de30342411c434b92294ce7efe05b65e55e55915d735d21
                                                                                                                                                                                                                                        • Instruction ID: b58a49238eb77778722b1f2925f3eb380fc424d1d71c0ea4b4174f65749c6bfb
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f2a7dd72decaf4036de30342411c434b92294ce7efe05b65e55e55915d735d21
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4851E7E9B08E42C1E6308B36F84436A62A2FB85BA4F54A131DA4D43FB8DE3CD4468750
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
Memory Dump Source
• Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
• Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
Similarity
• API ID: DescriptorSecurityfree$Err_SaclString$Arg_DaclGroupLengthOwnerParseTupleValid
• String ID: SetSecurityDescriptorSacl$The object is not a PyACL object$iOi:SetSacl
Memory Dump Source
• Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
• Associated: 00000002.00000002.1424444971.00007FFB0BE40000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424482051.00007FFB0BE4D000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424502993.00007FFB0BE5E000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424521434.00007FFB0BE5F000.00000008.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424540000.00007FFB0BE64000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424594066.00007FFB0BE65000.00000002.00000001.01000000.00000013.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
Similarity
• API ID: R_clear_error$Err_FromObjectR_peek_last_errorWeakref_Windows
• String ID: A failure in the SSL library occurred$EOF occurred in violation of protocol$Invalid error code$Some I/O error occurred$TLS/SSL connection has been closed (EOF)$The operation did not complete (X509 lookup)$The operation did not complete (connect)$The operation did not complete (read)$The operation did not complete (write)
Memory Dump Source
• Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
• Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
Similarity
• API ID: DescriptorSecurityfree$Err_OwnerString$Arg_DaclGroupLengthParseSaclTupleValid
• String ID: Oi:SetSecurityDescriptorOwner$SetSecurityDescriptorOwner$The object is not a PySID object
Memory Dump Source
• Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
• Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
Similarity
• API ID: Dealloc$Arg_Err_KeywordsParseStringTupleTuple_
• String ID: Identifier must be PySID object when TrusteeForm = TRUSTEE_IS_SID$Identifier must be string/unicode when TrusteeForm = TRUSTEE_IS_NAME$Invalid value for TrusteeForm$The object is not a PySID object$Trustee must be a dictionary containing {MultipleTrustee,MultipleTrusteeOperation,TrusteeForm,TrusteeType,Identifier}$TrusteeForm not yet supported$llO|Ol
Memory Dump Source
• Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
• Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
Similarity
• API ID: Err_$Buffer_ClearFormatFreeMem_ReleaseString$BufferCharLong_Object_OccurredUnicode_VoidWide
• String ID: Buffer cannot be None$Buffer length can be at most %d characters$WPARAM must be a unicode string, int, or buffer object (got %s)
Memory Dump Source
• Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
• Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
Similarity
• API ID: Err_String$BuildCharFromUnicode_ValueWide
• String ID: Identifier$Invalid value for TrusteeForm$MultipleTrustee$MultipleTrusteeOperation$TrusteeForm$TrusteeForm not yet supported$TrusteeType${s:O,s:l,s:l,s:l,s:N}
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1428397998.00007FFB1BB11000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: BufferBuffer_Err_Eval_Object_ReleaseStringThreadUpdate$CheckRestoreSaveThread_acquire_lockThread_allocate_lockThread_release_lock
                                                                                                                                                                                                                                        • String ID: Buffer must be single dimension$Strings must be encoded before hashing$object supporting the buffer API required
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Eval_Thread$O_ctrlRestoreSaveX_set_keylog_callback$DeallocErr_O_free_allO_new_fpO_putsPy_fopen_objString
                                                                                                                                                                                                                                        • String ID: # TLS secrets log file, generated by OpenSSL / Python$Can't malloc memory for keylog file
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • X509_get_ext_d2i.LIBCRYPTO-1_1(?,00000000,00000000,00007FFB0BE4530F), ref: 00007FFB0BE4541E
                                                                                                                                                                                                                                        • OPENSSL_sk_num.LIBCRYPTO-1_1(?,00000000,00000000,00007FFB0BE4530F), ref: 00007FFB0BE4542F
                                                                                                                                                                                                                                        • AUTHORITY_INFO_ACCESS_free.LIBCRYPTO-1_1(?,00000000,00000000,00007FFB0BE4530F), ref: 00007FFB0BE4543C
                                                                                                                                                                                                                                        • PyList_New.PYTHON311(?,00000000,00000000,00007FFB0BE4530F), ref: 00007FFB0BE45464
                                                                                                                                                                                                                                        • OPENSSL_sk_num.LIBCRYPTO-1_1(?,00000000,00000000,00007FFB0BE4530F), ref: 00007FFB0BE4547B
                                                                                                                                                                                                                                        • OPENSSL_sk_value.LIBCRYPTO-1_1(?,00000000,00000000,00007FFB0BE4530F), ref: 00007FFB0BE4548A
                                                                                                                                                                                                                                        • OBJ_obj2nid.LIBCRYPTO-1_1(?,00000000,00000000,00007FFB0BE4530F), ref: 00007FFB0BE45496
                                                                                                                                                                                                                                        • PyUnicode_FromStringAndSize.PYTHON311(?,00000000,00000000,00007FFB0BE4530F), ref: 00007FFB0BE454B5
                                                                                                                                                                                                                                        • PyList_Append.PYTHON311(?,00000000,00000000,00007FFB0BE4530F), ref: 00007FFB0BE454CD
                                                                                                                                                                                                                                        • _Py_Dealloc.PYTHON311(?,00000000,00000000,00007FFB0BE4530F), ref: 00007FFB0BE454DF
                                                                                                                                                                                                                                        • OPENSSL_sk_num.LIBCRYPTO-1_1(?,00000000,00000000,00007FFB0BE4530F), ref: 00007FFB0BE454EF
                                                                                                                                                                                                                                        • AUTHORITY_INFO_ACCESS_free.LIBCRYPTO-1_1(?,00000000,00000000,00007FFB0BE4530F), ref: 00007FFB0BE454FC
                                                                                                                                                                                                                                        • PyList_Size.PYTHON311(?,00000000,00000000,00007FFB0BE4530F), ref: 00007FFB0BE45505
                                                                                                                                                                                                                                        • _Py_Dealloc.PYTHON311(?,00000000,00000000,00007FFB0BE4530F), ref: 00007FFB0BE4551D
                                                                                                                                                                                                                                        • PyList_AsTuple.PYTHON311(?,00000000,00000000,00007FFB0BE4530F), ref: 00007FFB0BE4552B
                                                                                                                                                                                                                                        • _Py_Dealloc.PYTHON311(?,00000000,00000000,00007FFB0BE4530F), ref: 00007FFB0BE4553D
                                                                                                                                                                                                                                        • AUTHORITY_INFO_ACCESS_free.LIBCRYPTO-1_1(?,00000000,00000000,00007FFB0BE4530F), ref: 00007FFB0BE4554E
                                                                                                                                                                                                                                        • _Py_Dealloc.PYTHON311(?,00000000,00000000,00007FFB0BE4530F), ref: 00007FFB0BE45562
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: DeallocList_$L_sk_numS_free$Size$AppendFromJ_obj2nidL_sk_valueStringTupleUnicode_X509_get_ext_d2i
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Authority$CountErrorIdentifierLastValid
                                                                                                                                                                                                                                        • String ID: %lu$-%lu$0x%02hx%02hx%02hx%02hx%02hx%02hx$S-%lu-
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1428397998.00007FFB1BB11000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: DeallocModule_$Dict_String$AttrDictFromItemObjectObject_Proxy_StateUnicode_strncmp
                                                                                                                                                                                                                                        • String ID: _constructors$openssl_
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1428397998.00007FFB1BB11000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_String$Eval_Thread$Bytes_D_sizeDeallocFromLongLong_Module_OccurredPy_hashtable_getRestoreSaveSizeState
                                                                                                                                                                                                                                        • String ID: iteration value must be greater than 0.$key length must be greater than 0.$password is too long.$salt is too long.
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: String$Err_$AllocBytes_CharTaskWide$ByteFormatFreeMem_MultiSizeUnicode_memcpy
                                                                                                                                                                                                                                        • String ID: <NULL!!>$None is not a valid string in this context$Objects of type '%s' can not be converted to Unicode.$value is larger than a DWORD
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: String$Err_$AllocBytes_CharTaskWide$ByteFormatFreeMem_MultiSizeUnicode_memcpy
                                                                                                                                                                                                                                        • String ID: <NULL!!>$None is not a valid string in this context$Objects of type '%s' can not be converted to Unicode.$value is larger than a DWORD
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: CheckErr_Mapping_String
                                                                                                                                                                                                                                        • String ID: Object must be a mapping (dictionary, class instance, etc$__dict__
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Module_Object$BuildFromOpenSizeValue_$L_versionL_version_numLongLong_StringUnicode_Unsigned
                                                                                                                                                                                                                                        • String ID: IIIII$OPENSSL_VERSION$OPENSSL_VERSION_INFO$OPENSSL_VERSION_NUMBER$_OPENSSL_API_VERSION
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • PyErr_Format.PYTHON311 ref: 00007FFB1C4F3046
                                                                                                                                                                                                                                        • PyErr_SetString.PYTHON311 ref: 00007FFB1C4F30AD
                                                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 00007FFB1C4F3114
                                                                                                                                                                                                                                        • GetLengthSid.ADVAPI32 ref: 00007FFB1C4F3130
                                                                                                                                                                                                                                        • PyErr_Format.PYTHON311 ref: 00007FFB1C4F315B
                                                                                                                                                                                                                                        • malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFB1C4F316B
                                                                                                                                                                                                                                        • PyErr_Format.PYTHON311 ref: 00007FFB1C4F3190
                                                                                                                                                                                                                                        • memset.VCRUNTIME140 ref: 00007FFB1C4F31A3
                                                                                                                                                                                                                                        • memcpy.VCRUNTIME140 ref: 00007FFB1C4F31B3
                                                                                                                                                                                                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFB1C4F3218
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FC0A0: GetLastError.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFB1C4F786D,?,?,00000000,00007FFB1C4F7BE2,?,?,?,00007FFB1C4F1911), ref: 00007FFB1C4FC0BB
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FC0A0: FormatMessageW.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFB1C4F786D,?,?,00000000,00007FFB1C4F7BE2,?,?,?,00007FFB1C4F1911), ref: 00007FFB1C4FC12A
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FC0A0: PyUnicode_DecodeMBCS.PYTHON311(?,?,?,?,?,00000000,00000000,00007FFB1C4F786D,?,?,00000000,00007FFB1C4F7BE2,?,?,?,00007FFB1C4F1911), ref: 00007FFB1C4FC1FB
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FC0A0: _Py_BuildValue_SizeT.PYTHON311(?,?,?,?,?,00000000,00000000,00007FFB1C4F786D,?,?,00000000,00007FFB1C4F7BE2,?,?,?,00007FFB1C4F1911), ref: 00007FFB1C4FC210
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FC0A0: LocalFree.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFB1C4F786D,?,?,00000000,00007FFB1C4F7BE2,?,?,?,00007FFB1C4F1911), ref: 00007FFB1C4FC228
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FC0A0: PyErr_SetObject.PYTHON311(?,?,?,?,?,00000000,00000000,00007FFB1C4F786D,?,?,00000000,00007FFB1C4F7BE2,?,?,?,00007FFB1C4F1911), ref: 00007FFB1C4FC23D
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FC0A0: _Py_Dealloc.PYTHON311(?,?,?,?,?,00000000,00000000,00007FFB1C4F786D,?,?,00000000,00007FFB1C4F7BE2,?,?,?,00007FFB1C4F1911), ref: 00007FFB1C4FC24C
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_$Format$ErrorLast$BuildDeallocDecodeFreeLengthLocalMessageObjectSizeStringUnicode_Value_freemallocmemcpymemset
                                                                                                                                                                                                                                        • String ID: %s not supported by this version of Windows$%s: adding ACE would put ACL over size limit$%s: unable to allocated %d bytes$The object is not a PySID object
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • a2i_IPADDRESS.LIBCRYPTO-1_1(?,?,?,?,00000000,00007FFB0BE4B7D7,?,?,?,?,00007FFB0C376CC8,?,00000000,00007FFB0BE46FF1), ref: 00007FFB0BE49E09
                                                                                                                                                                                                                                        • ERR_clear_error.LIBCRYPTO-1_1(?,?,?,?,00000000,00007FFB0BE4B7D7,?,?,?,?,00007FFB0C376CC8,?,00000000,00007FFB0BE46FF1), ref: 00007FFB0BE49E17
                                                                                                                                                                                                                                        • PyUnicode_Decode.PYTHON311(?,?,?,?,00000000,00007FFB0BE4B7D7,?,?,?,?,00007FFB0C376CC8,?,00000000,00007FFB0BE46FF1), ref: 00007FFB0BE49E31
                                                                                                                                                                                                                                        • SSL_ctrl.LIBSSL-1_1(?,?,?,?,00000000,00007FFB0BE4B7D7,?,?,?,?,00007FFB0C376CC8,?,00000000,00007FFB0BE46FF1), ref: 00007FFB0BE49E56
                                                                                                                                                                                                                                        • SSL_get0_param.LIBSSL-1_1(?,?,?,?,00000000,00007FFB0BE4B7D7,?,?,?,?,00007FFB0C376CC8,?,00000000,00007FFB0BE46FF1), ref: 00007FFB0BE49E8D
                                                                                                                                                                                                                                        • X509_VERIFY_PARAM_set1_host.LIBCRYPTO-1_1(?,?,?,?,00000000,00007FFB0BE4B7D7,?,?,?,?,00007FFB0C376CC8,?,00000000,00007FFB0BE46FF1), ref: 00007FFB0BE49EAE
                                                                                                                                                                                                                                        • ASN1_STRING_length.LIBCRYPTO-1_1(?,?,?,?,00000000,00007FFB0BE4B7D7,?,?,?,?,00007FFB0C376CC8,?,00000000,00007FFB0BE46FF1), ref: 00007FFB0BE49EC5
                                                                                                                                                                                                                                        • ASN1_STRING_get0_data.LIBCRYPTO-1_1(?,?,?,?,00000000,00007FFB0BE4B7D7,?,?,?,?,00007FFB0C376CC8,?,00000000,00007FFB0BE46FF1), ref: 00007FFB0BE49ED1
                                                                                                                                                                                                                                        • X509_VERIFY_PARAM_set1_ip.LIBCRYPTO-1_1(?,?,?,?,00000000,00007FFB0BE4B7D7,?,?,?,?,00007FFB0C376CC8,?,00000000,00007FFB0BE46FF1), ref: 00007FFB0BE49EE0
                                                                                                                                                                                                                                        • ASN1_OCTET_STRING_free.LIBCRYPTO-1_1(?,?,?,?,00000000,00007FFB0BE4B7D7,?,?,?,?,00007FFB0C376CC8,?,00000000,00007FFB0BE46FF1), ref: 00007FFB0BE49F10
                                                                                                                                                                                                                                        • PyErr_SetString.PYTHON311(?,?,?,?,00000000,00007FFB0BE4B7D7,?,?,?,?,00007FFB0C376CC8,?,00000000,00007FFB0BE46FF1), ref: 00007FFB0BE49F29
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: X509_$DecodeErr_G_freeG_get0_dataG_lengthL_ctrlL_get0_paramM_set1_hostM_set1_ipR_clear_errorStringUnicode_a2i_
                                                                                                                                                                                                                                        • String ID: ascii$server_hostname cannot be an empty string or start with a leading dot.$strict
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Long$FromLong_Unsigned$BuildSizeValue_
                                                                                                                                                                                                                                        • String ID: OtherOperationCount$OtherTransferCount$ReadOperationCount$ReadTransferCount$WriteOperationCount$WriteTransferCount${s:N,s:N,s:N,s:N,s:N,s:N}
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_String
                                                                                                                                                                                                                                        • String ID: %s not supported by this version of Windows$%s: adding ACE would put ACL over size limit$%s: unable to allocated %d bytes$The object is not a PySID object
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_String
                                                                                                                                                                                                                                        • String ID: %s not supported by this version of Windows$%s: adding ACE would put ACL over size limit$%s: unable to allocated %d bytes$The object is not a PySID object
                                                                                                                                                                                                                                        • API String ID: 1450464846-1709335586
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_$DeallocFormatSequence_StringTuple
                                                                                                                                                                                                                                        • String ID: Sequence can contain at most %d items$Sequence of dwords cannot be None$Unable to allocate %d bytes
                                                                                                                                                                                                                                        • API String ID: 3107502305-158408534
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1428397998.00007FFB1BB11000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428322371.00007FFB1BB10000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428424791.00007FFB1BB17000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428449778.00007FFB1BB1C000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428581969.00007FFB1BB1E000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bb10000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Buffer_$Arg_$ArgumentBufferContiguousObject_Release$KeywordsUnpack
                                                                                                                                                                                                                                        • String ID: argument 'key'$argument 'msg'$contiguous buffer$hmac_digest
                                                                                                                                                                                                                                        • API String ID: 3345984100-3409375717
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424444971.00007FFB0BE40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424482051.00007FFB0BE4D000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424502993.00007FFB0BE5E000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424521434.00007FFB0BE5F000.00000008.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424540000.00007FFB0BE64000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424594066.00007FFB0BE65000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Buffer_$Arg_$ArgumentBufferCheckContiguousDoubleErr_FillFloat_InfoObject_OccurredPositionalReleaseSizeUnicode_memset
                                                                                                                                                                                                                                        • String ID: RAND_add$argument 1$contiguous buffer
                                                                                                                                                                                                                                        • API String ID: 2392993315-868614225
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • IsValidSecurityDescriptor.ADVAPI32(?,?,00000000,00007FFB1C4F7BE2,?,?,?,00007FFB1C4F1911), ref: 00007FFB1C4F7780
                                                                                                                                                                                                                                        • PyErr_SetString.PYTHON311(?,?,00000000,00007FFB1C4F7BE2,?,?,?,00007FFB1C4F1911), ref: 00007FFB1C4F779B
                                                                                                                                                                                                                                        • GetSecurityDescriptorLength.ADVAPI32(?,?,00000000,00007FFB1C4F7BE2,?,?,?,00007FFB1C4F1911), ref: 00007FFB1C4F77B6
                                                                                                                                                                                                                                        • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFB1C4F7BE2,?,?,?,00007FFB1C4F1911), ref: 00007FFB1C4F77C4
                                                                                                                                                                                                                                        • MakeSelfRelativeSD.ADVAPI32(?,?,00000000,00007FFB1C4F7BE2,?,?,?,00007FFB1C4F1911), ref: 00007FFB1C4F77DD
                                                                                                                                                                                                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFB1C4F7BE2,?,?,?,00007FFB1C4F1911), ref: 00007FFB1C4F77EE
                                                                                                                                                                                                                                        • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFB1C4F7BE2,?,?,?,00007FFB1C4F1911), ref: 00007FFB1C4F77FE
                                                                                                                                                                                                                                        • PyErr_Format.PYTHON311(?,?,00000000,00007FFB1C4F7BE2,?,?,?,00007FFB1C4F1911), ref: 00007FFB1C4F7822
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: DescriptorErr_Securitymalloc$FormatLengthMakeRelativeSelfStringValidfree
                                                                                                                                                                                                                                        • String ID: Invalid Security descriptor$MakeSelfRelativeSD$Unable to allocate %d bytes
                                                                                                                                                                                                                                        • API String ID: 1101611553-2210018374
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424444971.00007FFB0BE40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424482051.00007FFB0BE4D000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424502993.00007FFB0BE5E000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424521434.00007FFB0BE5F000.00000008.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424540000.00007FFB0BE64000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424594066.00007FFB0BE65000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: SizeString$BuildBytes_D_bytesErr_FromValue_
                                                                                                                                                                                                                                        • String ID: (ks)$num must be positive
                                                                                                                                                                                                                                        • API String ID: 413208185-3708576348
                                                                                                                                                                                                                                        • Opcode ID: 2d157215cdda228688e5c374b34d10a1620997e1e521956fa37d3d2a5fb86875
                                                                                                                                                                                                                                        • Instruction ID: fad165a77e5bb7e75921b2872ad4f62fb806f372bcd4b25b725075959e7c255d
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2d157215cdda228688e5c374b34d10a1620997e1e521956fa37d3d2a5fb86875
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DA3118A5F08A1282EA589B31EC5497963A1AF88B90F18CC35C90FC7775DF6CEC489304
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
• Associated: 00000002.00000002.1424444971.00007FFB0BE40000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424482051.00007FFB0BE4D000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424502993.00007FFB0BE5E000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424521434.00007FFB0BE5F000.00000008.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424540000.00007FFB0BE64000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424594066.00007FFB0BE65000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: String$Bytes_DeallocErr_M_read_bio_Module_O_ctrlO_freeO_newO_s_fileStateX509X509_free
                                                                                                                                                                                                                                        • String ID: Can't malloc memory to read file$Can't open file$Error decoding PEM-encoded file
                                                                                                                                                                                                                                        • API String ID: 2561677103-2145957498
                                                                                                                                                                                                                                        • Opcode ID: 73fb516c7655530ed212b6140ecbe2911a776419a880bce815d7f0f19be340fa
                                                                                                                                                                                                                                        • Instruction ID: bc8120829652012aed985701c2ba403a238d93a917c537cbfbec62f80e809d23
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 73fb516c7655530ed212b6140ecbe2911a776419a880bce815d7f0f19be340fa
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 07210CA5B09A4286EA189F36EC1497A6361BF85F81B44D830DE0F97775DF3CE8558304
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
• Associated: 00000002.00000002.1424444971.00007FFB0BE40000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424482051.00007FFB0BE4D000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424502993.00007FFB0BE5E000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424521434.00007FFB0BE5F000.00000008.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424540000.00007FFB0BE64000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424594066.00007FFB0BE65000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: X509_$L_sk_num$BuildE_get0_objectsL_sk_valueSizeT_get0_T_get_typeValue_X509X509_check_caX_get_cert_store
                                                                                                                                                                                                                                        • String ID: crl$x509$x509_ca${sisisi}
                                                                                                                                                                                                                                        • API String ID: 3289807285-1814362494
                                                                                                                                                                                                                                        • Opcode ID: 86d7bf32e19b1ff228e91968923c7aa132553c7a4af27e47ee4ae69c41fe9346
                                                                                                                                                                                                                                        • Instruction ID: 13af6d0d6e372d331b2df92fb9f3609c7f3669545c2cab8b101d30572f23cdfb
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 86d7bf32e19b1ff228e91968923c7aa132553c7a4af27e47ee4ae69c41fe9346
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 522137A5A08B1286EA189F76E94487A27A4FF84B90F50C935ED4F82739DF3CE8458744
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1428397998.00007FFB1BB11000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFB1BB10000, based on PE: true
• Associated: 00000002.00000002.1428322371.00007FFB1BB10000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.1428424791.00007FFB1BB17000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.1428449778.00007FFB1BB1C000.00000004.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.1428581969.00007FFB1BB1E000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bb10000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_$Format$R_clear_errorR_func_error_stringR_lib_error_stringR_peek_last_errorR_reason_error_stringString
                                                                                                                                                                                                                                        • String ID: [%s: %s] %s$[%s] %s$no reason supplied
                                                                                                                                                                                                                                        • API String ID: 748225740-1501659929
                                                                                                                                                                                                                                        • Opcode ID: f732909be8528ef574793b7a202fcfcfca31febcb722a85dce131b32fee7442b
                                                                                                                                                                                                                                        • Instruction ID: 34b40cdae5f5e70946f59702b1d46246f6585cf02d93faa9262aa7a85f451314
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f732909be8528ef574793b7a202fcfcfca31febcb722a85dce131b32fee7442b
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 28213EE9A48F42C2EA299B31F4042AA62A7FF45BA0F54A030D94E07F34DF2CE556C600
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
• Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_Formatmalloc
                                                                                                                                                                                                                                        • String ID: Ace type %d is not supported yet$Error reordering ACL: Unable to allocate acl of size %d$ReorderACL
                                                                                                                                                                                                                                        • API String ID: 1659041409-545600788
                                                                                                                                                                                                                                        • Opcode ID: 2138029694f744f6e92877d81b74e0d26cf92d44e82eba7b9db4256dc4efbf49
                                                                                                                                                                                                                                        • Instruction ID: 99c2de68886705b2d753abd2053c23744cf6c4c542e8a74327dbc1cf4df7bbe0
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2138029694f744f6e92877d81b74e0d26cf92d44e82eba7b9db4256dc4efbf49
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6D51A9E1A0CE9281E7608F79E4582BA77A2FB86BA8F644035DD8D93754CE3CE065C740
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
• Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: DeallocErr_StringUnicode_
                                                                                                                                                                                                                                        • String ID: Internal$InternalHigh$The object is not a PyHANDLE object$can't delete OVERLAPPED attributes$hEvent
                                                                                                                                                                                                                                        • API String ID: 3427960318-2811562281
APIs
• X509_get_ext_d2i.LIBCRYPTO-1_1(?,?,00000000,00007FFB0BE453A6), ref: 00007FFB0BE45597
• PyList_New.PYTHON311(?,?,00000000,00007FFB0BE453A6), ref: 00007FFB0BE455B3
• OPENSSL_sk_num.LIBCRYPTO-1_1(?,?,00000000,00007FFB0BE453A6), ref: 00007FFB0BE455CA
• OPENSSL_sk_value.LIBCRYPTO-1_1(?,?,00000000,00007FFB0BE453A6), ref: 00007FFB0BE455DD
• OPENSSL_sk_num.LIBCRYPTO-1_1(?,?,00000000,00007FFB0BE453A6), ref: 00007FFB0BE455F5
• OPENSSL_sk_value.LIBCRYPTO-1_1(?,?,00000000,00007FFB0BE453A6), ref: 00007FFB0BE45605
• PyUnicode_FromStringAndSize.PYTHON311(?,?,00000000,00007FFB0BE453A6), ref: 00007FFB0BE4561B
• PyList_Append.PYTHON311(?,?,00000000,00007FFB0BE453A6), ref: 00007FFB0BE4562F
• _Py_Dealloc.PYTHON311(?,?,00000000,00007FFB0BE453A6), ref: 00007FFB0BE45641
• OPENSSL_sk_num.LIBCRYPTO-1_1(?,?,00000000,00007FFB0BE453A6), ref: 00007FFB0BE45652
• OPENSSL_sk_num.LIBCRYPTO-1_1(?,?,00000000,00007FFB0BE453A6), ref: 00007FFB0BE45662
• PyList_AsTuple.PYTHON311(?,?,00000000,00007FFB0BE453A6), ref: 00007FFB0BE45679
• _Py_Dealloc.PYTHON311(?,?,00000000,00007FFB0BE453A6), ref: 00007FFB0BE45694
• CRL_DIST_POINTS_free.LIBCRYPTO-1_1(?,?,00000000,00007FFB0BE453A6), ref: 00007FFB0BE4569D
Memory Dump Source
• Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
• Associated: 00000002.00000002.1424444971.00007FFB0BE40000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424482051.00007FFB0BE4D000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424502993.00007FFB0BE5E000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424521434.00007FFB0BE5F000.00000008.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424540000.00007FFB0BE64000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424594066.00007FFB0BE65000.00000002.00000001.01000000.00000013.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
Similarity
• API ID: L_sk_num$List_$DeallocL_sk_value$AppendFromS_freeSizeStringTupleUnicode_X509_get_ext_d2i
• String ID:
• API String ID: 3668485020-0
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
• Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
Similarity
• API ID: Err_String$FormatUnicode_
• String ID: Expected 'bytes', got '%s'$None is not a valid string in this context$value is larger than a DWORD
• API String ID: 744494611-3495899980
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
• Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
Similarity
• API ID: String$Err_$FreeMem_$AllocCharFormatUnicode_Wide
• String ID: <NULL!!>$None is not a valid string in this context$Objects of type '%s' can not be converted to Unicode.$value is larger than a DWORD
• API String ID: 2830890580-4125661472
APIs
Memory Dump Source
• Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
• Associated: 00000002.00000002.1424444971.00007FFB0BE40000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424482051.00007FFB0BE4D000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424502993.00007FFB0BE5E000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424521434.00007FFB0BE5F000.00000008.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424540000.00007FFB0BE64000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424594066.00007FFB0BE65000.00000002.00000001.01000000.00000013.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
Similarity
• API ID: DeallocX509_$L_sk_numList_$AppendE_get0_objectsL_sk_valueT_get0_T_get_typeX509X509_check_caX_get_cert_store
• String ID:
• API String ID: 2012148854-0
APIs
Memory Dump Source
• Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
• Associated: 00000002.00000002.1424444971.00007FFB0BE40000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424482051.00007FFB0BE4D000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424502993.00007FFB0BE5E000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424521434.00007FFB0BE5F000.00000008.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424540000.00007FFB0BE64000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424594066.00007FFB0BE65000.00000002.00000001.01000000.00000013.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
Similarity
• API ID: Err_$CertEnhancedErrorFromLastMallocMem_MemoryUsageWindows
• String ID:
• API String ID: 2062549779-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1428397998.00007FFB1BB11000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Eval_ThreadThread_acquire_lock$Bytes_D_sizeDigestErr_FinalFromMemoryRestoreSaveSizeStringThread_release_lockX_copyX_freeX_mdX_new
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 2079540947-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1428397998.00007FFB1BB11000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Eval_ThreadThread_acquire_lock$D_sizeDigestErr_FinalMemoryPy_strhexRestoreSaveThread_release_lockX_copyX_freeX_mdX_new
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 2842303453-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1428397998.00007FFB1BB11000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Mem_$Free$X_free$Err_Memory$DigestFinalMallocPy_strhexX_copyX_new
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 422439089-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFB1C4F786D,?,?,00000000,00007FFB1C4F7BE2,?,?,?,00007FFB1C4F1911), ref: 00007FFB1C4FC0BB
                                                                                                                                                                                                                                        • FormatMessageW.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFB1C4F786D,?,?,00000000,00007FFB1C4F7BE2,?,?,?,00007FFB1C4F1911), ref: 00007FFB1C4FC12A
                                                                                                                                                                                                                                        • PyUnicode_FromWideChar.PYTHON311(?,?,?,?,?,00000000,00000000,00007FFB1C4F786D,?,?,00000000,00007FFB1C4F7BE2,?,?,?,00007FFB1C4F1911), ref: 00007FFB1C4FC1DC
                                                                                                                                                                                                                                        • PyUnicode_DecodeMBCS.PYTHON311(?,?,?,?,?,00000000,00000000,00007FFB1C4F786D,?,?,00000000,00007FFB1C4F7BE2,?,?,?,00007FFB1C4F1911), ref: 00007FFB1C4FC1FB
                                                                                                                                                                                                                                        • _Py_BuildValue_SizeT.PYTHON311(?,?,?,?,?,00000000,00000000,00007FFB1C4F786D,?,?,00000000,00007FFB1C4F7BE2,?,?,?,00007FFB1C4F1911), ref: 00007FFB1C4FC210
                                                                                                                                                                                                                                        • LocalFree.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFB1C4F786D,?,?,00000000,00007FFB1C4F7BE2,?,?,?,00007FFB1C4F1911), ref: 00007FFB1C4FC228
                                                                                                                                                                                                                                        • PyErr_SetObject.PYTHON311(?,?,?,?,?,00000000,00000000,00007FFB1C4F786D,?,?,00000000,00007FFB1C4F7BE2,?,?,?,00007FFB1C4F1911), ref: 00007FFB1C4FC23D
                                                                                                                                                                                                                                        • _Py_Dealloc.PYTHON311(?,?,?,?,?,00000000,00000000,00007FFB1C4F786D,?,?,00000000,00007FFB1C4F7BE2,?,?,?,00007FFB1C4F1911), ref: 00007FFB1C4FC24C
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Unicode_$BuildCharDeallocDecodeErr_ErrorFormatFreeFromLastLocalMessageObjectSizeValue_Wide
                                                                                                                                                                                                                                        • String ID: (iNN)$No error message is available$ignore
                                                                                                                                                                                                                                        • API String ID: 2848599001-37674240
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_String$DeallocMem_$FormatFreeMallocUnicode_memcpy
                                                                                                                                                                                                                                        • String ID: password cannot be longer than %d bytes$unable to allocate password buffer
                                                                                                                                                                                                                                        • API String ID: 1570515377-2395793021
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.1428397998.00007FFB1BB11000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFB1BB10000, based on PE: true
• Associated: 00000002.00000002.1428322371.00007FFB1BB10000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.1428424791.00007FFB1BB17000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.1428449778.00007FFB1BB1C000.00000004.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.1428581969.00007FFB1BB1E000.00000002.00000001.01000000.00000016.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffb1bb10000_discord.jbxd
Similarity
• API ID: Err_String$Module_State
• String ID: Missing required parameter 'digestmod'.$key is too long.
• API String ID: 450183790-3184708805
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
• Associated: 00000002.00000002.1424444971.00007FFB0BE40000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424482051.00007FFB0BE4D000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424502993.00007FFB0BE5E000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424521434.00007FFB0BE5F000.00000008.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424540000.00007FFB0BE64000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424594066.00007FFB0BE65000.00000002.00000001.01000000.00000013.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
Similarity
• API ID: ModuleModule_StateType_$Arg_$KeywordsPositional
• String ID: MemoryBIO
• API String ID: 1528309267-1677681617
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
• Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
Similarity
• API ID: Err_Long$Occurred$DeallocLong_$ClearFormatNumber_Unsigned
• String ID: Unable to convert %s to pointer-sized value
• API String ID: 1465853305-2431006615
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
• Associated: 00000002.00000002.1424444971.00007FFB0BE40000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424482051.00007FFB0BE4D000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424502993.00007FFB0BE5E000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424521434.00007FFB0BE5F000.00000008.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424540000.00007FFB0BE64000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424594066.00007FFB0BE65000.00000002.00000001.01000000.00000013.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
Similarity
• API ID: Err_$MallocMem_MemoryStringi2d_
• String ID: Invalid session$i2d() failed.
• API String ID: 982646903-1562711913
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
• Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
Similarity
• API ID: State_SwapThread$ErrorFatalFunc$AllocLocalValue
• String ID: Out of memory allocating thread state.$PyWinInterpreterState_Ensure$pywintypes: can not setup interpreter state, as current state is invalid
• API String ID: 4234957216-1490924957
APIs
Memory Dump Source
• Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
• Associated: 00000002.00000002.1424444971.00007FFB0BE40000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424482051.00007FFB0BE4D000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424502993.00007FFB0BE5E000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424521434.00007FFB0BE5F000.00000008.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424540000.00007FFB0BE64000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424594066.00007FFB0BE65000.00000002.00000001.01000000.00000013.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
Similarity
• API ID: Eval_H_freeThread_errno$Err_ErrnoFilenameFromHparamsM_read_ObjectPy_fopen_objR_clear_errorRestoreSaveWithX_ctrlfclose
• String ID:
• API String ID: 1346594628-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424444971.00007FFB0BE40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424482051.00007FFB0BE4D000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424502993.00007FFB0BE5E000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424521434.00007FFB0BE5F000.00000008.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424540000.00007FFB0BE64000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424594066.00007FFB0BE65000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Dealloc$CallEnsureErr_FetchFunction_L_get_ex_dataObjectObject_SizeState_Weakref_
                                                                                                                                                                                                                                        • String ID: Osiiiy#$read$write
                                                                                                                                                                                                                                        • API String ID: 671906545-708132800
                                                                                                                                                                                                                                        • Opcode ID: 7ab5205ec6ef44a287483cec695da211ea8d961a587a7421e4f0f9849ceb442b
                                                                                                                                                                                                                                        • Instruction ID: 0b903e83fb8a5e210fbdd5e4ca488e9d9dfca8fd88b7bb8f1b2357e9442cea87
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7ab5205ec6ef44a287483cec695da211ea8d961a587a7421e4f0f9849ceb442b
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2B414CB2A08A8681E72C8F35D854A7977B0FB88B94F048935DA5F837A4DF3CE505C700
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • FileTimeToSystemTime.KERNEL32 ref: 00007FFB1C4FC73D
                                                                                                                                                                                                                                        • FileTimeToSystemTime.KERNEL32 ref: 00007FFB1C4FC76F
                                                                                                                                                                                                                                        • FileTimeToSystemTime.KERNEL32 ref: 00007FFB1C4FC7A2
                                                                                                                                                                                                                                        • PyLong_FromUnsignedLong.PYTHON311 ref: 00007FFB1C4FC7DB
                                                                                                                                                                                                                                        • PyLong_FromUnsignedLong.PYTHON311 ref: 00007FFB1C4FC7E8
                                                                                                                                                                                                                                        • PyLong_FromUnsignedLong.PYTHON311 ref: 00007FFB1C4FC7F5
                                                                                                                                                                                                                                        • PyLong_FromUnsignedLong.PYTHON311 ref: 00007FFB1C4FC802
                                                                                                                                                                                                                                        • _Py_BuildValue_SizeT.PYTHON311 ref: 00007FFB1C4FC840
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FC0A0: GetLastError.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFB1C4F786D,?,?,00000000,00007FFB1C4F7BE2,?,?,?,00007FFB1C4F1911), ref: 00007FFB1C4FC0BB
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FC0A0: FormatMessageW.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFB1C4F786D,?,?,00000000,00007FFB1C4F7BE2,?,?,?,00007FFB1C4F1911), ref: 00007FFB1C4FC12A
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FC0A0: PyUnicode_DecodeMBCS.PYTHON311(?,?,?,?,?,00000000,00000000,00007FFB1C4F786D,?,?,00000000,00007FFB1C4F7BE2,?,?,?,00007FFB1C4F1911), ref: 00007FFB1C4FC1FB
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FC0A0: _Py_BuildValue_SizeT.PYTHON311(?,?,?,?,?,00000000,00000000,00007FFB1C4F786D,?,?,00000000,00007FFB1C4F7BE2,?,?,?,00007FFB1C4F1911), ref: 00007FFB1C4FC210
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FC0A0: LocalFree.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFB1C4F786D,?,?,00000000,00007FFB1C4F7BE2,?,?,?,00007FFB1C4F1911), ref: 00007FFB1C4FC228
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FC0A0: PyErr_SetObject.PYTHON311(?,?,?,?,?,00000000,00000000,00007FFB1C4F786D,?,?,00000000,00007FFB1C4F7BE2,?,?,?,00007FFB1C4F1911), ref: 00007FFB1C4FC23D
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FC0A0: _Py_Dealloc.PYTHON311(?,?,?,?,?,00000000,00000000,00007FFB1C4F786D,?,?,00000000,00007FFB1C4F7BE2,?,?,?,00007FFB1C4F1911), ref: 00007FFB1C4FC24C
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FA170: PyObject_GetAttrString.PYTHON311(?,?,?,?,?,?,?,?,?,00007FFB1C4F99ED), ref: 00007FFB1C4FA1B4
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FA170: _Py_Dealloc.PYTHON311(?,?,?,?,?,?,?,?,?,00007FFB1C4F99ED), ref: 00007FFB1C4FA213
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Time$FromLongLong_Unsigned$FileSystem$BuildDeallocSizeValue_$AttrDecodeErr_ErrorFormatFreeLastLocalMessageObjectObject_StringUnicode_
                                                                                                                                                                                                                                        • String ID: FileTimeToSystemTime$lNNNNNNNuu
                                                                                                                                                                                                                                        • API String ID: 198253700-4021486075
                                                                                                                                                                                                                                        • Opcode ID: e6d6883c19f78b33294527e7cc7e6ce0a40404c01824ac6149262f1092ded49d
                                                                                                                                                                                                                                        • Instruction ID: c5670d70bbef3519938063550b873e2e1c8d8de41a1ee257e2d61c821c2f8d1c
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e6d6883c19f78b33294527e7cc7e6ce0a40404c01824ac6149262f1092ded49d
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D54171B2A08F4291E660DB25F8495EA73A6FB847A4F614032DA4D83765DF3CE455C700
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: String$Err_$CharUnicode_Wide
                                                                                                                                                                                                                                        • String ID: <NULL!!>$Getting WCHAR string$None is not a valid string in this context$Objects of type '%s' can not be converted to Unicode.$value is larger than a DWORD
                                                                                                                                                                                                                                        • API String ID: 3849944921-1275048830
                                                                                                                                                                                                                                        • Opcode ID: 7e30da2b971ec5ef442a50025af65882adaaffdf2c495bf36d5b76de17b2b87f
                                                                                                                                                                                                                                        • Instruction ID: 6f65f81c29cfe722a8d133d56aab9e29fa6ec10c99d24835c9de44cf53a0ff62
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7e30da2b971ec5ef442a50025af65882adaaffdf2c495bf36d5b76de17b2b87f
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 233112F1B19F4281EB90CF29E4991A96362FB88BA4F645031EA4D87765DF2CD464C710
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424444971.00007FFB0BE40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424482051.00007FFB0BE4D000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424502993.00007FFB0BE5E000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424521434.00007FFB0BE5F000.00000008.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424540000.00007FFB0BE64000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424594066.00007FFB0BE65000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: DeallocEval_Thread$Err_FormatSave$ArgsCallObject_RestoreStringUnicode_memcpy
                                                                                                                                                                                                                                        • String ID: password callback must return a string$password cannot be longer than %d bytes
                                                                                                                                                                                                                                        • API String ID: 1551476282-1265974473
                                                                                                                                                                                                                                        • Opcode ID: 97e6996d9a578b2108ed1e32b75247b01c39987d4a403124ba618c9afb5ca1cc
                                                                                                                                                                                                                                        • Instruction ID: bf111cda5b1959c2d338354d3b81486bd5222389a78d06cfd7e0229cca513cba
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 97e6996d9a578b2108ed1e32b75247b01c39987d4a403124ba618c9afb5ca1cc
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2C2107B5A08A4282EB589F31E95497923A0FF55F94F14C831DA0F866A8DF3CE854C780
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • PyObject_GetAttrString.PYTHON311 ref: 00007FFB1C4FBCFC
                                                                                                                                                                                                                                        • PyErr_Clear.PYTHON311 ref: 00007FFB1C4FBD0A
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FCB50: PyNumber_Long.PYTHON311(?,?,?,00007FFB1C4F4F6E), ref: 00007FFB1C4FCB65
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FCB50: PyErr_Occurred.PYTHON311(?,?,?,00007FFB1C4F4F6E), ref: 00007FFB1C4FCB73
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FCB50: PyLong_AsLongLong.PYTHON311(?,?,?,00007FFB1C4F4F6E), ref: 00007FFB1C4FCB81
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FCB50: PyErr_Occurred.PYTHON311(?,?,?,00007FFB1C4F4F6E), ref: 00007FFB1C4FCB90
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FCB50: PyErr_Clear.PYTHON311(?,?,?,00007FFB1C4F4F6E), ref: 00007FFB1C4FCB9B
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FCB50: PyLong_AsUnsignedLongLong.PYTHON311(?,?,?,00007FFB1C4F4F6E), ref: 00007FFB1C4FCBA4
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FCB50: PyErr_Occurred.PYTHON311(?,?,?,00007FFB1C4F4F6E), ref: 00007FFB1C4FCBB3
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FCB50: _Py_Dealloc.PYTHON311(?,?,?,00007FFB1C4F4F6E), ref: 00007FFB1C4FCBC7
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FCB50: PyErr_Format.PYTHON311(?,?,?,00007FFB1C4F4F6E), ref: 00007FFB1C4FCBE6
                                                                                                                                                                                                                                        • PyCallable_Check.PYTHON311 ref: 00007FFB1C4FBD18
                                                                                                                                                                                                                                        • PyObject_CallObject.PYTHON311 ref: 00007FFB1C4FBD27
                                                                                                                                                                                                                                        • _Py_Dealloc.PYTHON311 ref: 00007FFB1C4FBD39
                                                                                                                                                                                                                                        • _Py_Dealloc.PYTHON311 ref: 00007FFB1C4FBD6F
                                                                                                                                                                                                                                        • PyErr_Clear.PYTHON311 ref: 00007FFB1C4FBD79
                                                                                                                                                                                                                                        • PyErr_SetString.PYTHON311 ref: 00007FFB1C4FBD90
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_$Long$ClearDeallocOccurred$Long_Object_String$AttrCallCallable_CheckFormatNumber_ObjectUnsigned
                                                                                                                                                                                                                                        • String ID: Expected a socket object or numeric socket handle$fileno
                                                                                                                                                                                                                                        • API String ID: 4289764861-511972153
                                                                                                                                                                                                                                        • Opcode ID: 005184cfd4f3e894bbfca97ae9a51fced4aeae0c2b7949b58767305df414f3d3
                                                                                                                                                                                                                                        • Instruction ID: c883d209f404ce987fa3fa3ef6b83549bb21a146f8dc91089abf02f5abcb97bf
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 005184cfd4f3e894bbfca97ae9a51fced4aeae0c2b7949b58767305df414f3d3
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1C2127E1B0CE4281EE949F36F9491B96363AFC5BE8F284071DA1E87765DF2CE4658301
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Dealloc$Object_$AttrCallImportImport_MethodModuleStringTuple_
                                                                                                                                                                                                                                        • String ID: TimeZoneInfo$utc$win32timezone
                                                                                                                                                                                                                                        • API String ID: 4031171350-3909237026
                                                                                                                                                                                                                                        • Opcode ID: 5de98e753ab8ba52291d9a4410a2c06baa6bda83b56fdd3dbf67cd89d8fca88c
                                                                                                                                                                                                                                        • Instruction ID: c13e12db0dd3db48a042154888786e99bc7649a12e31ddeed0f4db511995d450
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5de98e753ab8ba52291d9a4410a2c06baa6bda83b56fdd3dbf67cd89d8fca88c
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1B2130E5A1DF8681FE948F39E85D1F933A2AF94BB4F681435C90D46350EF2CE4648300
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1428397998.00007FFB1BB11000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428322371.00007FFB1BB10000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428424791.00007FFB1BB17000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428449778.00007FFB1BB1C000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428581969.00007FFB1BB1E000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bb10000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 349153199-0
                                                                                                                                                                                                                                        • Opcode ID: 0ae5386f1d1c3a85642856ccc9cb01702fbaebfd570c757e9e6ad26eb7d02e92
                                                                                                                                                                                                                                        • Instruction ID: 13760b2734e103c0629d93f2825148478aa5329c5ae3ae95fec5ffb8611e2ca2
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0ae5386f1d1c3a85642856ccc9cb01702fbaebfd570c757e9e6ad26eb7d02e92
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BD816BE9E09E02D6F670AB76F48137B6692FF457A0F14E035D90D47EB6EE2CE8418600
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429922505.00007FFB1D341000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB1D340000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429853098.00007FFB1D340000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429947748.00007FFB1D342000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429971284.00007FFB1D343000.00000004.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1430006201.00007FFB1D344000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1d340000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 349153199-0
                                                                                                                                                                                                                                        • Opcode ID: d573cd7bf0bafa259f49a36843b2703105abc7edda614b8f92858340699d7a94
                                                                                                                                                                                                                                        • Instruction ID: 87708226641709c3e0482252d74bd02eb7bf4034f11079eaa1e987a40f999a52
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d573cd7bf0bafa259f49a36843b2703105abc7edda614b8f92858340699d7a94
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 38815AF1F08E4386FA50AB76F4412B9E692AF9D7A0F044235DA0D97796FF3CE8458600
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424444971.00007FFB0BE40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424482051.00007FFB0BE4D000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424502993.00007FFB0BE5E000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424521434.00007FFB0BE5F000.00000008.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424540000.00007FFB0BE64000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424594066.00007FFB0BE65000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 349153199-0
                                                                                                                                                                                                                                        • Opcode ID: b379dc79f97cd91cd53f69f44a243d66410c7e7f21cedc3dcf6536c35644c225
                                                                                                                                                                                                                                        • Instruction ID: 72285a0052c46469767c3405c719dcbeec12a36c6adef0d77045db4fe00aabc9
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b379dc79f97cd91cd53f69f44a243d66410c7e7f21cedc3dcf6536c35644c225
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 80819DA0E2C64746F65C9B36E841A796390AF85784F54C839FB4FC77B6DF2CE8458600
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424444971.00007FFB0BE40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424482051.00007FFB0BE4D000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424502993.00007FFB0BE5E000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424521434.00007FFB0BE5F000.00000008.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424540000.00007FFB0BE64000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424594066.00007FFB0BE65000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Module_$FromModuleSpecTypeType_$State
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 1138651315-0
                                                                                                                                                                                                                                        • Opcode ID: ab42b90efd24c11ab2ebf7dd57a6bf1e12de6fda1955507c320ba61770d59430
                                                                                                                                                                                                                                        • Instruction ID: d23833d71caca3e5c6fec1ac89cce255b23209969ac6129a17918b5adef422ae
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ab42b90efd24c11ab2ebf7dd57a6bf1e12de6fda1955507c320ba61770d59430
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8A31CAA5B29B4792EE5C9F35E85496523A0FF09B81B44DD34DE1F82B64EF3CE454C600
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424444971.00007FFB0BE40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424482051.00007FFB0BE4D000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424502993.00007FFB0BE5E000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424521434.00007FFB0BE5F000.00000008.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424540000.00007FFB0BE64000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424594066.00007FFB0BE65000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Arg_KeywordsObject_SizeTrueUnicode_Unpack
                                                                                                                                                                                                                                        • String ID: argument 'txt'$embedded null character$str$txt2obj
                                                                                                                                                                                                                                        • API String ID: 3371007025-2001486153
                                                                                                                                                                                                                                        • Opcode ID: b79f212e404c0016b8a93dbc6358f5c76363c4b0137c4fc4827873fe36dc2c0c
                                                                                                                                                                                                                                        • Instruction ID: 5df366b4a25c5f6c27c3c99cb9e85239909461b0fc306a64bdb98c08e78a6010
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b79f212e404c0016b8a93dbc6358f5c76363c4b0137c4fc4827873fe36dc2c0c
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 563161A2A0CA4285EE648B31E850BB96760FB85BA4F54C931DA5FC77B8DF3CD485C701
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424444971.00007FFB0BE40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424482051.00007FFB0BE4D000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424502993.00007FFB0BE5E000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424521434.00007FFB0BE5F000.00000008.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424540000.00007FFB0BE64000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424594066.00007FFB0BE65000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Arg_$ArgumentErr_KeywordsL_get_finishedL_session_reusedSizeStringUnicode_Unpackstrcmp
                                                                                                                                                                                                                                        • String ID: argument 'cb_type'$embedded null character$get_channel_binding$str$tls-unique
                                                                                                                                                                                                                                        • API String ID: 2734880604-851902044
                                                                                                                                                                                                                                        • Opcode ID: e953dfc5e08f142bf91c66fefa6f657f5d962f427c7115de33690262bbf00d54
                                                                                                                                                                                                                                        • Instruction ID: 7662fae7ac48da6f81a14917edcb48e5c063c0db5e1b264d6d3e47113b460347
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e953dfc5e08f142bf91c66fefa6f657f5d962f427c7115de33690262bbf00d54
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C73171A1A09A4285EA54CF35E840A796360BF44B90F58C935DE5F87BF8DF7CE845C701
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424444971.00007FFB0BE40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424482051.00007FFB0BE4D000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424502993.00007FFB0BE5E000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424521434.00007FFB0BE5F000.00000008.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424540000.00007FFB0BE64000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424594066.00007FFB0BE65000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: DeallocErr_StringX_callback_ctrl
                                                                                                                                                                                                                                        • String ID: not a callable object$sni_callback cannot be set on TLS_CLIENT context
                                                                                                                                                                                                                                        • API String ID: 3136334877-1539510184
                                                                                                                                                                                                                                        • Opcode ID: c8a41b7ce688c110b1c2de474991058cd112158086c46f10bfdea0116a3044f9
                                                                                                                                                                                                                                        • Instruction ID: 7481ec764a8f934ad2b20897c0b81317ddf8b0ef671d4efc31f17e51fe8c270f
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c8a41b7ce688c110b1c2de474991058cd112158086c46f10bfdea0116a3044f9
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4321FCB1A08902C2EB589F35D994A783360EF88B98F50D931CA1F86674DF3CD945C700
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: ErrorFatalFuncValue$AllocLocalState_Thread
                                                                                                                                                                                                                                        • String ID: Can not setup thread state, as have no interpreter state$Out of memory allocating thread state.$PyWinThreadState_Ensure
                                                                                                                                                                                                                                        • API String ID: 1925565299-3250566352
                                                                                                                                                                                                                                        • Opcode ID: 020a01e28850445bc633342dbd0cd7c1d41f4877fd00b135b89e937725323907
                                                                                                                                                                                                                                        • Instruction ID: f7c1ee681ee671b1ac71b9906c098e236a4323fb475823a3a0c9208ae0d158fe
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 020a01e28850445bc633342dbd0cd7c1d41f4877fd00b135b89e937725323907
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 291100F4A09E02C2EA949B24EC5E2E56362BF98738F600435C50D86665DF7CE579C700
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424444971.00007FFB0BE40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424482051.00007FFB0BE4D000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424502993.00007FFB0BE5E000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424521434.00007FFB0BE5F000.00000008.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424540000.00007FFB0BE64000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424594066.00007FFB0BE65000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: FromInternStringUnicode_$Module_State
                                                                                                                                                                                                                                        • String ID: library$reason$verify_code$verify_message
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1428397998.00007FFB1BB11000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bb10000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: DeallocX_free$Bytes_DigestErr_FinalFromMemorySizeStringX_copyX_new
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1428397998.00007FFB1BB11000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bb10000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Arg_Buffer_$ArgumentBufferContiguousKeywordsObject_ReleaseUnpack
                                                                                                                                                                                                                                        • String ID: argument 'key'$contiguous buffer$hmac_new
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Buffer_Err_Release$BufferFormatFreeMem_Object_String
                                                                                                                                                                                                                                        • String ID: Buffer cannot be None$Buffer length can be at most %d characters
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_L_is_init_finishedL_set_sessionN_freeString
                                                                                                                                                                                                                                        • String ID: Cannot set session after handshake.$Cannot set session for server-side SSLSocket.$Session refers to a different SSLContext.$Value is not a SSLSession.
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Arg_$ArgumentErr_KeywordsSizeStringUnicode_Unpack
                                                                                                                                                                                                                                        • String ID: argument 'store_name'$embedded null character$enum_crls$str
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Arg_$ArgumentErr_KeywordsSizeStringUnicode_Unpack
                                                                                                                                                                                                                                        • String ID: argument 'store_name'$embedded null character$enum_certificates$str
                                                                                                                                                                                                                                        • API String ID: 2966986319-2881692381
                                                                                                                                                                                                                                        • Opcode ID: 200aea3d26f47611638a898786167659f258fde4c95821b7cdbeac967ece7da9
                                                                                                                                                                                                                                        • Instruction ID: aab64be657d3b7f02a4729c75c94837a90f2b47a974b04cfae75ac96d86d43fc
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 200aea3d26f47611638a898786167659f258fde4c95821b7cdbeac967ece7da9
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 15214CE1A09B0285EE588B34E840A7563A0BF48BA0F44DA36D95F837B4EF3DE845D700
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: ConverterDeallocErr_FormatJ_sn2nidR_clear_errorR_peek_last_errorUnicode_X_ctrlY_freeY_new_by_curve_name
                                                                                                                                                                                                                                        • String ID: unknown elliptic curve name %R
                                                                                                                                                                                                                                        • API String ID: 422946741-553976147
                                                                                                                                                                                                                                        • Opcode ID: a4bfe907c8b87ae24caed81057ba8d53e64b951ffff3e8c142921849db29dc8e
                                                                                                                                                                                                                                        • Instruction ID: 3bbb72c7b84bc2df7b8cee7673712f1803fdee71e8fc82e153e0d5243835d3eb
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a4bfe907c8b87ae24caed81057ba8d53e64b951ffff3e8c142921849db29dc8e
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9121E7A5B18A8282EB189B76EC549396360FF88B94F44C835DA4FC7B74DF6CE8458700
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • SSL_is_init_finished.LIBSSL-1_1(?,?,00000000,00007FFB0BE48F32), ref: 00007FFB0BE48F6C
                                                                                                                                                                                                                                        • PyErr_SetString.PYTHON311(?,?,00000000,00007FFB0BE48F32), ref: 00007FFB0BE48F87
                                                                                                                                                                                                                                        • SSL_get_peer_certificate.LIBSSL-1_1(?,?,00000000,00007FFB0BE48F32), ref: 00007FFB0BE48F95
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_L_get_peer_certificateL_is_init_finishedString
                                                                                                                                                                                                                                        • String ID: handshake not done yet
                                                                                                                                                                                                                                        • API String ID: 1706561194-2620869922
                                                                                                                                                                                                                                        • Opcode ID: 6692af337e398f3ce304ced0c553ac0363e471afb6ea34c4cde744985de698e7
                                                                                                                                                                                                                                        • Instruction ID: 51808a6eb5c38294c819cea6548c2eb96ad3ea8627d845d97767310d2ac30a12
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6692af337e398f3ce304ced0c553ac0363e471afb6ea34c4cde744985de698e7
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9621D6A1B08A4681EA189B36ED549396361FF98F94B14C931DE0FC7774DF2CE891D700
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: DeallocObject_$AttrBuildCallSizeStringTuple_Value
                                                                                                                                                                                                                                        • String ID: (s)$strftime
                                                                                                                                                                                                                                        • API String ID: 4125559156-1254993691
                                                                                                                                                                                                                                        • Opcode ID: 9fc25bf5d62dce09a2f9ce9bd2ef272ccf00cd2d99c6ae13972af19a56584db7
                                                                                                                                                                                                                                        • Instruction ID: ab64d2cb889930e65371c2bbe7fd0929266058c4145424dd6b499e377e78bd37
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9fc25bf5d62dce09a2f9ce9bd2ef272ccf00cd2d99c6ae13972af19a56584db7
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7C114CE5E0DF8281EE859F26E9491B563A2AF94FE0F6C4034DE0D47B54EF2CE4248700
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Bytes_Err_FormatFromL_get_finishedL_get_peer_finishedL_session_reusedSizeStringstrcmp
                                                                                                                                                                                                                                        • String ID: '%s' channel binding type not implemented$tls-unique
                                                                                                                                                                                                                                        • API String ID: 797867279-2744131590
                                                                                                                                                                                                                                        • Opcode ID: 3a8b3d54c6c77e520960b34a1996953a6afa4616a354565693ad0c0ec0d00499
                                                                                                                                                                                                                                        • Instruction ID: 6504c5fb38cbbcbccfaea12999208f4219e696070ecb33f01e8377574b589a77
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3a8b3d54c6c77e520960b34a1996953a6afa4616a354565693ad0c0ec0d00499
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 351159A1B0DA4282EA189B35E890B7923A0FF98BC4F44C835CA0FC7674DF2CE8558310
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Arg_DescriptorParseSecurityTupleValid
                                                                                                                                                                                                                                        • String ID: (ii)$:GetSecurityDescriptorControl$GetSecurityDescriptorControl$GetSecurityDescriptorControl - invalid sd
                                                                                                                                                                                                                                        • API String ID: 1292091245-2499011972
                                                                                                                                                                                                                                        • Opcode ID: 50aab527a6cbd419c71da1e60fd17c7ef62522690ead1b72b54ccfd2af29bb4b
                                                                                                                                                                                                                                        • Instruction ID: c59a05ae155190754084933d604da0a87d8ec9c55702a6c098974de69e793a60
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 50aab527a6cbd419c71da1e60fd17c7ef62522690ead1b72b54ccfd2af29bb4b
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B3018ED2F1C90292FB948B76E84A0F623A2EFC4B64FA85035D90E86255EF2CD4A58700
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
• Associated: 00000002.00000002.1424444971.00007FFB0BE40000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424482051.00007FFB0BE4D000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424502993.00007FFB0BE5E000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424521434.00007FFB0BE5F000.00000008.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424540000.00007FFB0BE64000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424594066.00007FFB0BE65000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Buffer_$Arg_ArgumentBufferContiguousObject_Releasememset
                                                                                                                                                                                                                                        • String ID: _set_alpn_protocols$argument$contiguous buffer
                                                                                                                                                                                                                                        • API String ID: 365628853-4024966138
                                                                                                                                                                                                                                        • Opcode ID: 072ea895e3229528d4ecb801e12a168f61b651dcae54280ba36ec2bd0070b68b
                                                                                                                                                                                                                                        • Instruction ID: 800399e523c03a0328f216a54fa653ec8b5bf7e06861ecdec089c81f055d2d34
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 072ea895e3229528d4ecb801e12a168f61b651dcae54280ba36ec2bd0070b68b
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CC11B6A2B18A4681EB148F35E844A796361FB88FC4F94C535D95E83774DF3CE949C700
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
• Associated: 00000002.00000002.1424444971.00007FFB0BE40000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424482051.00007FFB0BE4D000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424502993.00007FFB0BE5E000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424521434.00007FFB0BE5F000.00000008.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424540000.00007FFB0BE64000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424594066.00007FFB0BE65000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Buffer_$Arg_ArgumentBufferContiguousObject_Releasememset
                                                                                                                                                                                                                                        • String ID: argument$contiguous buffer$write
                                                                                                                                                                                                                                        • API String ID: 365628853-2056178395
                                                                                                                                                                                                                                        • Opcode ID: 21182f7cfe5047ede1d0e1951633af7c1561b0af17f199ac6d1fd2d3793e9b9b
                                                                                                                                                                                                                                        • Instruction ID: 7cb95da049d1948048706ff21588094aef9317063d500470bb3860c0a7a2dea3
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 21182f7cfe5047ede1d0e1951633af7c1561b0af17f199ac6d1fd2d3793e9b9b
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3911B6A6B0864681EB148F36E840AB96360FB88BC4F54C535DA4E93634DF3CD989C700
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
• Associated: 00000002.00000002.1424444971.00007FFB0BE40000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424482051.00007FFB0BE4D000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424502993.00007FFB0BE5E000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424521434.00007FFB0BE5F000.00000008.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424540000.00007FFB0BE64000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424594066.00007FFB0BE65000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Buffer_$Arg_ArgumentBufferContiguousObject_Releasememset
                                                                                                                                                                                                                                        • String ID: argument$contiguous buffer$write
                                                                                                                                                                                                                                        • API String ID: 365628853-2056178395
                                                                                                                                                                                                                                        • Opcode ID: f94e1cf9e105f5068e132f5e984caeebe0f3e2ae032a3602a3637574dcd71f5f
                                                                                                                                                                                                                                        • Instruction ID: b51e4686c862ab9ab3186907eb62ae374ad2370ea1561ecd259d5a43ae741a3a
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f94e1cf9e105f5068e132f5e984caeebe0f3e2ae032a3602a3637574dcd71f5f
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D911B6A2B1874682EB148F35E844A796360FB88FC4F54C575D95E83A38DF3CD949C700
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • PyErr_Format.PYTHON311(?,?,?,?,00000000,00007FFB0BE4676A), ref: 00007FFB0BE46804
                                                                                                                                                                                                                                        • PyType_GetModule.PYTHON311(?,?,?,?,00000000,00007FFB0BE4676A), ref: 00007FFB0BE4681C
                                                                                                                                                                                                                                        • PyModule_GetState.PYTHON311(?,?,?,?,00000000,00007FFB0BE4676A), ref: 00007FFB0BE4682A
                                                                                                                                                                                                                                        • PyErr_SetString.PYTHON311(?,?,?,?,00000000,00007FFB0BE4676A), ref: 00007FFB0BE4683B
                                                                                                                                                                                                                                        • BIO_write.LIBCRYPTO-1_1(?,?,?,?,00000000,00007FFB0BE4676A), ref: 00007FFB0BE4684E
                                                                                                                                                                                                                                        • PyType_GetModuleState.PYTHON311(?,?,?,?,00000000,00007FFB0BE4676A), ref: 00007FFB0BE4685C
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB0BE46120: ERR_peek_last_error.LIBCRYPTO-1_1 ref: 00007FFB0BE46138
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB0BE46120: ERR_clear_error.LIBCRYPTO-1_1 ref: 00007FFB0BE46164
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
• Associated: 00000002.00000002.1424444971.00007FFB0BE40000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424482051.00007FFB0BE4D000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424502993.00007FFB0BE5E000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424521434.00007FFB0BE5F000.00000008.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424540000.00007FFB0BE64000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424594066.00007FFB0BE65000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_ModuleStateType_$FormatModule_O_writeR_clear_errorR_peek_last_errorString
                                                                                                                                                                                                                                        • String ID: cannot write() after write_eof()$string longer than %d bytes
                                                                                                                                                                                                                                        • API String ID: 11717643-118187971
                                                                                                                                                                                                                                        • Opcode ID: 8ff8ec8d52fed249de38277894b114c71dbf67a941f4867029680275a64fa3ac
                                                                                                                                                                                                                                        • Instruction ID: 70ba55189cff1b5e3f56d02c3b5600351d0216cce7e4e189f60ebe730d3ae05c
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8ff8ec8d52fed249de38277894b114c71dbf67a941f4867029680275a64fa3ac
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D6113DA6F1891686EB189B35D85497823A0FF89B44B10CC75C91FCB670DF7CE886D700
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
• Associated: 00000002.00000002.1424444971.00007FFB0BE40000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424482051.00007FFB0BE4D000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424502993.00007FFB0BE5E000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424521434.00007FFB0BE5F000.00000008.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424540000.00007FFB0BE64000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424594066.00007FFB0BE65000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_Mem_$FormatFreeMallocMemory
                                                                                                                                                                                                                                        • String ID: protocols longer than %u bytes
                                                                                                                                                                                                                                        • API String ID: 2903777688-895981740
                                                                                                                                                                                                                                        • Opcode ID: 69654572a4c0bbbd3e410e0b1f44dd2fae2a9581dece60e493ebe11faee5c80e
                                                                                                                                                                                                                                        • Instruction ID: 52d05aa22e3ffc6a89d7f5532cab1eef6b21471ef0a12dea7bf9e9f9c24c603d
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 69654572a4c0bbbd3e410e0b1f44dd2fae2a9581dece60e493ebe11faee5c80e
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BB11D7E5B08A0296EB189F36E9548282370FB49B94B10CD36CE2FC7774DF38E8659340
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 349153199-0
                                                                                                                                                                                                                                        • Opcode ID: 07084b0a43bc362f32777b0d2435c41e842a76ff54320d82ad2aafbbbcd1a1c5
                                                                                                                                                                                                                                        • Instruction ID: 2ab95a9208f9e80bcd20dc3d12a0691d637434c2361a0bd09056f67aed88d15e
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 07084b0a43bc362f32777b0d2435c41e842a76ff54320d82ad2aafbbbcd1a1c5
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C08190E0E1CE4386FAA09B79D4492F927D3AF85BA9F344035D94D43796DE3CE521C600
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424444971.00007FFB0BE40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424482051.00007FFB0BE4D000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424502993.00007FFB0BE5E000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424521434.00007FFB0BE5F000.00000008.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424540000.00007FFB0BE64000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424594066.00007FFB0BE65000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: L_sk_num$L_freeL_get_ciphersL_newL_sk_valueList_R_clear_errorR_peek_last_error
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 722909353-0
                                                                                                                                                                                                                                        • Opcode ID: 18de1d85c9995720459239cdcc535ad0f697e27e1169de77783288c1fdff9898
                                                                                                                                                                                                                                        • Instruction ID: 4568ccdba2b10234cb94f78fec2a55a061e0ee8f9c462907ff7f91223e152590
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 18de1d85c9995720459239cdcc535ad0f697e27e1169de77783288c1fdff9898
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BC2119A1A19B4686EA189F76E954A3973A0EF88F91B14C834CE5FC7774DF3CE8458340
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424444971.00007FFB0BE40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424482051.00007FFB0BE4D000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424502993.00007FFB0BE5E000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424521434.00007FFB0BE5F000.00000008.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424540000.00007FFB0BE64000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424594066.00007FFB0BE65000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Arg_$ArgumentErr_KeywordsLong_OccurredSubtypeType_Unpack
                                                                                                                                                                                                                                        • String ID: _wrap_bio$argument 'incoming'$argument 'outgoing'
                                                                                                                                                                                                                                        • API String ID: 1983060003-586963342
                                                                                                                                                                                                                                        • Opcode ID: 934bb777209a5b795eb8576befc329c93180722bbc0a13f3f9aee7d7396934df
                                                                                                                                                                                                                                        • Instruction ID: 98884ffe30d1b246aea787f9e6f5ab9085e67e015f112d287f03e34c60153adb
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 934bb777209a5b795eb8576befc329c93180722bbc0a13f3f9aee7d7396934df
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3F4195A2B09B4296EA58CF22E940A6963A4FF45BD4F408936DE4E83B74DF3CE555C300
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1428397998.00007FFB1BB11000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428322371.00007FFB1BB10000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428424791.00007FFB1BB17000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428449778.00007FFB1BB1C000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428581969.00007FFB1BB1E000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bb10000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_$Eval_FormatStringThread$Bytes_ClearFromModule_R_peek_last_errorRestoreSaveSizeState
                                                                                                                                                                                                                                        • String ID: key is too long.$msg is too long.
                                                                                                                                                                                                                                        • API String ID: 2257326627-4266787399
                                                                                                                                                                                                                                        • Opcode ID: 5e928f10830ea08379dd50c6ad13667a356daf03ef8cf86fcf4c38976168b7b9
                                                                                                                                                                                                                                        • Instruction ID: 6bc67c849269b5783f4a69732a7f26f6e94278e8095035f51d4ed7386dccaf2a
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5e928f10830ea08379dd50c6ad13667a356daf03ef8cf86fcf4c38976168b7b9
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 733150A6A08F82C2E670CB21F44436A6362FB897A4F14A235DA9D47F64DF7CE1458700
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • PyErr_SetString.PYTHON311 ref: 00007FFB1C4F5958
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FCB50: PyNumber_Long.PYTHON311(?,?,?,00007FFB1C4F4F6E), ref: 00007FFB1C4FCB65
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FCB50: PyErr_Occurred.PYTHON311(?,?,?,00007FFB1C4F4F6E), ref: 00007FFB1C4FCB73
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FCB50: PyLong_AsLongLong.PYTHON311(?,?,?,00007FFB1C4F4F6E), ref: 00007FFB1C4FCB81
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FCB50: PyErr_Occurred.PYTHON311(?,?,?,00007FFB1C4F4F6E), ref: 00007FFB1C4FCB90
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FCB50: PyErr_Clear.PYTHON311(?,?,?,00007FFB1C4F4F6E), ref: 00007FFB1C4FCB9B
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FCB50: PyLong_AsUnsignedLongLong.PYTHON311(?,?,?,00007FFB1C4F4F6E), ref: 00007FFB1C4FCBA4
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FCB50: PyErr_Occurred.PYTHON311(?,?,?,00007FFB1C4F4F6E), ref: 00007FFB1C4FCBB3
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FCB50: _Py_Dealloc.PYTHON311(?,?,?,00007FFB1C4F4F6E), ref: 00007FFB1C4FCBC7
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FCB50: PyErr_Format.PYTHON311(?,?,?,00007FFB1C4F4F6E), ref: 00007FFB1C4FCBE6
                                                                                                                                                                                                                                        • PyErr_SetString.PYTHON311 ref: 00007FFB1C4F5999
                                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32 ref: 00007FFB1C4F59AC
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_$Long$Occurred$Long_String$ClearCloseDeallocFormatNumber_Unsigned
                                                                                                                                                                                                                                        • String ID: HANDLE must be a PyHKEY$PyHKEY$RegCloseKey$The object is not a PyHANDLE object
                                                                                                                                                                                                                                        • API String ID: 3516211060-2695813183
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        • Support for passing 2 integers to create a 64bit value is deprecated - pass a long instead, xrefs: 00007FFB1C4F63C1
                                                                                                                                                                                                                                        • LARGE_INTEGER must be 'int', or '(int, int)', xrefs: 00007FFB1C4F63FE
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_$Long$Arg_Long_OccurredParseStringTupleWarn
                                                                                                                                                                                                                                        • String ID: LARGE_INTEGER must be 'int', or '(int, int)'$Support for passing 2 integers to create a 64bit value is deprecated - pass a long instead
                                                                                                                                                                                                                                        • API String ID: 3944559157-3919795897
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: DeallocErr_StringUnicode_strcmp
                                                                                                                                                                                                                                        • String ID: SECURITY_DESCRIPTOR$The object is not a PySECURITY_DESCRIPTOR object$can't delete SECURITY_ATTRIBUTES attributes
                                                                                                                                                                                                                                        • API String ID: 2499284733-1426751177
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Buffer_Err_Release$BufferFormatObject_String
                                                                                                                                                                                                                                        • String ID: Buffer cannot be None$Buffer length can be at most %d characters
                                                                                                                                                                                                                                        • API String ID: 1670810688-686265896
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        • lllO, xrefs: 00007FFB1C4F2354
                                                                                                                                                                                                                                        • EXPLICIT_ACCESS must be a dictionary containing {AccessPermissions:int,AccessMode:int,Inheritance:int,Trustee:<o PyTRUSTEE>}, xrefs: 00007FFB1C4F238E
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Dealloc$Arg_Err_KeywordsParseStringTupleTuple_
                                                                                                                                                                                                                                        • String ID: EXPLICIT_ACCESS must be a dictionary containing {AccessPermissions:int,AccessMode:int,Inheritance:int,Trustee:<o PyTRUSTEE>}$lllO
                                                                                                                                                                                                                                        • API String ID: 959004690-1584370844
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        • ULARGE_INTEGER must be 'int', or '(int, int)', xrefs: 00007FFB1C4F64CA
                                                                                                                                                                                                                                        • Support for passing 2 integers to create a 64bit value is deprecated - pass a long instead, xrefs: 00007FFB1C4F64EE
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_$Long$Arg_Long_OccurredParseStringTupleUnsignedWarn
                                                                                                                                                                                                                                        • String ID: Support for passing 2 integers to create a 64bit value is deprecated - pass a long instead$ULARGE_INTEGER must be 'int', or '(int, int)'
                                                                                                                                                                                                                                        • API String ID: 507489655-1767028231
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424444971.00007FFB0BE40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424482051.00007FFB0BE4D000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424502993.00007FFB0BE5E000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424521434.00007FFB0BE5F000.00000008.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424540000.00007FFB0BE64000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424594066.00007FFB0BE65000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: E_print_exErr_O_freeO_newO_s_memStringX509_
                                                                                                                                                                                                                                        • String ID: failed to allocate BIO$strict
                                                                                                                                                                                                                                        • API String ID: 220268057-2811890329
                                                                                                                                                                                                                                        • Opcode ID: 0c2cb71a010c79245350d80e0ee643c1b6740a3ebb417e8edda3b3d13ff669f8
                                                                                                                                                                                                                                        • Instruction ID: 8c17093d283b90074a4faade3bf566ddb46546f92210f34f96a7ae4df7f35725
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0c2cb71a010c79245350d80e0ee643c1b6740a3ebb417e8edda3b3d13ff669f8
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C8114FA5B08A4281E6089B36FC00929A360BF89FD0F44D830DE4F87B35DF3CE4418700
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_String$Bytes_FormatSize
                                                                                                                                                                                                                                        • String ID: Attributes of PyDEVMODEW can't be deleted$Length of DriverData cannot be longer that DriverExtra (%d bytes)
                                                                                                                                                                                                                                        • API String ID: 1818008259-1897733207
                                                                                                                                                                                                                                        • Opcode ID: ebb3508a014dcb1de3935ef427fefaafe8648ccbfe9d9da5c85ae7f04bb6d6db
                                                                                                                                                                                                                                        • Instruction ID: 1c568f0aab4d069e89769b619355922eac9a22f52370dd63c38b49c43869dbdf
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ebb3508a014dcb1de3935ef427fefaafe8648ccbfe9d9da5c85ae7f04bb6d6db
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E51173D5E08E0681EA848B79E8590F92362EFC9BB4B645231D92D877A4DF2CD4A58700
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • PyErr_SetString.PYTHON311(?,?,00000000,00007FFB0BE4A761), ref: 00007FFB0BE4A7A1
                                                                                                                                                                                                                                        • OBJ_nid2obj.LIBCRYPTO-1_1(?,?,00000000,00007FFB0BE4A761), ref: 00007FFB0BE4A7AD
                                                                                                                                                                                                                                        • PyErr_Format.PYTHON311(?,?,00000000,00007FFB0BE4A761), ref: 00007FFB0BE4A7CF
                                                                                                                                                                                                                                        • PyModule_GetState.PYTHON311(?,?,00000000,00007FFB0BE4A761), ref: 00007FFB0BE4A7DA
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB0BE414C8: OBJ_obj2nid.LIBCRYPTO-1_1(?,?,?,?,?,00007FFB0BE414A6), ref: 00007FFB0BE414EA
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB0BE414C8: OBJ_nid2sn.LIBCRYPTO-1_1(?,?,?,?,?,00007FFB0BE414A6), ref: 00007FFB0BE414FC
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB0BE414C8: OBJ_nid2ln.LIBCRYPTO-1_1(?,?,?,?,?,00007FFB0BE414A6), ref: 00007FFB0BE41507
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB0BE414C8: _Py_BuildValue_SizeT.PYTHON311(?,?,?,?,?,00007FFB0BE414A6), ref: 00007FFB0BE41535
                                                                                                                                                                                                                                        • ASN1_OBJECT_free.LIBCRYPTO-1_1(?,?,00000000,00007FFB0BE4A761), ref: 00007FFB0BE4A7F1
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424444971.00007FFB0BE40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424482051.00007FFB0BE4D000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424502993.00007FFB0BE5E000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424521434.00007FFB0BE5F000.00000008.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424540000.00007FFB0BE64000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424594066.00007FFB0BE65000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_$BuildFormatJ_nid2lnJ_nid2objJ_nid2snJ_obj2nidModule_SizeStateStringT_freeValue_
                                                                                                                                                                                                                                        • String ID: NID must be positive.$unknown NID %i
                                                                                                                                                                                                                                        • API String ID: 278606715-2656559464
                                                                                                                                                                                                                                        • Opcode ID: b816d966aff5d49c94bdd13bc1b62bc5f8b963ca8d65eb16bf9a6868eeb9dc6f
                                                                                                                                                                                                                                        • Instruction ID: 607c1b52d237e25a75f91037d949c932ccdc33349f812e29960bd466219b56da
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b816d966aff5d49c94bdd13bc1b62bc5f8b963ca8d65eb16bf9a6868eeb9dc6f
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CB01EDA8B0CA4281EA188B36E8548396361AF88FD4B44D935D90FC7B75EF2CE8458300
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1428397998.00007FFB1BB11000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428322371.00007FFB1BB10000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428424791.00007FFB1BB17000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428449778.00007FFB1BB1C000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428581969.00007FFB1BB1E000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bb10000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_Module_State$ClearDict_FormatItemUnicode_
                                                                                                                                                                                                                                        • String ID: Unsupported digestmod %R
                                                                                                                                                                                                                                        • API String ID: 3756705361-2483404930
                                                                                                                                                                                                                                        • Opcode ID: 89a5abacf07bb7c4e49fd7ba97f63ad01b0c7934edab23bc6e4bb6f920272cec
                                                                                                                                                                                                                                        • Instruction ID: 6c52120db3bedafba6501f24409e60e0f2425765e4caa6f11bb4cd118eff5c7f
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 89a5abacf07bb7c4e49fd7ba97f63ad01b0c7934edab23bc6e4bb6f920272cec
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1A01EDE9A09E42C1EA249B76F44437A6252FF49FE0F08A034DD0E07B75DE2CE5858340
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424444971.00007FFB0BE40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424482051.00007FFB0BE4D000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424502993.00007FFB0BE5E000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424521434.00007FFB0BE5F000.00000008.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424540000.00007FFB0BE64000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424594066.00007FFB0BE65000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_O_ctrlO_freeO_newO_s_memO_set_flagsString
                                                                                                                                                                                                                                        • String ID: failed to allocate BIO
Similarity
• API ID: Authority$Arg_CountErr_FromLongLong_ParseSizeStringTuple_
• String ID: The index is out of range$i:GetSubAuthority
Similarity
• API ID: From$StringUnicode_$DeallocLongLong_R_get_bitsR_get_nameR_get_versionTuple_
• String ID:
Similarity
• API ID: DescriptorSecurityfree$DaclGroupOwnerSacl
• String ID:
Similarity
• API ID: Dealloc$Object_$L_freeTrack
• String ID:
Similarity
• API ID: Arg_$ArgumentErr_KeywordsLong_OccurredUnpack
• String ID: _wrap_socket$argument 'sock'
Similarity
• API ID: J_obj2txt$FromMallocMem_SizeStringUnicode_
• String ID:
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_N_get_id$ArgumentCallInternalmemcmp
                                                                                                                                                                                                                                        • String ID: D:\_w\1\s\Modules\_ssl.c
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: CallDeallocErr_FormatMethodObject_SubtypeType_
                                                                                                                                                                                                                                        • String ID: astimezone$must be a pywintypes time object (got %s)
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • PyModule_GetState.PYTHON311(?,?,00000000,00007FFB1BB12100), ref: 00007FFB1BB12255
                                                                                                                                                                                                                                        • _Py_hashtable_get.PYTHON311(?,?,00000000,00007FFB1BB12100), ref: 00007FFB1BB12262
                                                                                                                                                                                                                                        • EVP_get_digestbyname.LIBCRYPTO-1_1(?,?,00000000,00007FFB1BB12100), ref: 00007FFB1BB1229D
                                                                                                                                                                                                                                        • EVP_get_digestbyname.LIBCRYPTO-1_1(?,?,00000000,00007FFB1BB12100), ref: 00007FFB1BB122B5
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1428397998.00007FFB1BB11000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: P_get_digestbyname$Module_Py_hashtable_getState
                                                                                                                                                                                                                                        • String ID: unsupported hash type %s
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1428397998.00007FFB1BB11000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Dealloc$Module_Py_hashtable_destroyState
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Arg_DescriptorParseSecurityTupleValid
                                                                                                                                                                                                                                        • String ID: :GetSecurityDescriptorDacl$GetSecurityDescriptorDacl$SetSecurityDescriptorGroup - invalid sd
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Arg_DescriptorParseSecurityTupleValid
                                                                                                                                                                                                                                        • String ID: :GetSecurityDescriptorSacl$GetSecurityDescriptorSacl$GetSecurityDescriptorSacl - invalid sd
                                                                                                                                                                                                                                        • API String ID: 1292091245-3167575759
                                                                                                                                                                                                                                        • Opcode ID: bcc334d484d8790ae647ae34939a7a7a1bae4fc8f90a9891a3dfc8aa77b77b48
                                                                                                                                                                                                                                        • Instruction ID: 33ff53880d3a7f2b3ac58268cf2c5f37e443f98e43f6ce540d94b7dfe0911ced
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bcc334d484d8790ae647ae34939a7a7a1bae4fc8f90a9891a3dfc8aa77b77b48
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F91175D5E1CD1281FB408B39E8492F563A2AFC0BA8F644035CD0D86365DE7CD1B5C700
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424444971.00007FFB0BE40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424482051.00007FFB0BE4D000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424502993.00007FFB0BE5E000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424521434.00007FFB0BE5F000.00000008.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424540000.00007FFB0BE64000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424594066.00007FFB0BE65000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Bytes_O_ctrl_pending$DeallocFromModuleO_readResizeSizeStateStringType_
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 3878297189-0
                                                                                                                                                                                                                                        • Opcode ID: 023877dca5ee26c402b1b2f0c30a4b44448fc8b1130757aff9b27fdc374a4910
                                                                                                                                                                                                                                        • Instruction ID: bc5331bfec818efd25de5b36957c95240b196ae1f89f22db5bbfacde6d829605
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 023877dca5ee26c402b1b2f0c30a4b44448fc8b1130757aff9b27fdc374a4910
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 032181A1B09B4287EB189F35E94443962A1FF8AB84B14CD75DA0FC6774EF6DE8148700
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424444971.00007FFB0BE40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424482051.00007FFB0BE4D000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424502993.00007FFB0BE5E000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424521434.00007FFB0BE5F000.00000008.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424540000.00007FFB0BE64000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424594066.00007FFB0BE65000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: L_sk_num$L_get_ciphersL_sk_valueList_
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 2306917863-0
                                                                                                                                                                                                                                        • Opcode ID: 1ae032c82954a2258fd5bd5c6cc81a6f19337a10baf40a80193b484264958ca5
                                                                                                                                                                                                                                        • Instruction ID: a1bac7d2d7aa2313de1e13fd55147efb03f1f0948c513d40daa71a681633c0fa
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1ae032c82954a2258fd5bd5c6cc81a6f19337a10baf40a80193b484264958ca5
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C8113DA5B1DA4285EA5C9B36E95893A23A4EF88F81B14C830DD4FD3775DF3CE8428350
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: ErrorLastValidmalloc
                                                                                                                                                                                                                                        • String ID: PySID:$PySID: Invalid SID
                                                                                                                                                                                                                                        • API String ID: 814871005-2976353951
                                                                                                                                                                                                                                        • Opcode ID: 4ab7af62bd6f20a76bd8c8aa25917720a5ad898b458a80a4dedec4ef23a21026
                                                                                                                                                                                                                                        • Instruction ID: 040a40949c510201f3902da1bdc62c9139ffb399f202179bfe401990765a446b
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4ab7af62bd6f20a76bd8c8aa25917720a5ad898b458a80a4dedec4ef23a21026
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6021A1E5A18E8582EB849B25E5491F973A2FB94BF4F545131DE1E437A4DF3CD0A4C700
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Arg_DescriptorParseSecurityTupleValid
                                                                                                                                                                                                                                        • String ID: :GetSecurityDescriptorGroup$GetSecurityDescriptorGroup$GetSecurityDescriptorGroup - invalid sd
                                                                                                                                                                                                                                        • API String ID: 1292091245-1740808346
                                                                                                                                                                                                                                        • Opcode ID: f54f4b526f6bbfc759d652801e540d65d2e600bb6587189d71cfe2f276292ea5
                                                                                                                                                                                                                                        • Instruction ID: 00366899dacbd16409e3989214f4836aba6269192a54c2377b38827d592e3ff0
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f54f4b526f6bbfc759d652801e540d65d2e600bb6587189d71cfe2f276292ea5
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2A1158D1F0CD0242FB959B79E8492F523A3AFD5BA8FA45035C90D863A6EE2CD5B5C700
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • PyArg_ParseTuple.PYTHON311 ref: 00007FFB1C4F420E
                                                                                                                                                                                                                                        • GetAuditedPermissionsFromAclW.ADVAPI32 ref: 00007FFB1C4F423E
                                                                                                                                                                                                                                        • Py_BuildValue.PYTHON311 ref: 00007FFB1C4F4268
                                                                                                                                                                                                                                        • PyMem_Free.PYTHON311 ref: 00007FFB1C4F4282
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FC0A0: GetLastError.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFB1C4F786D,?,?,00000000,00007FFB1C4F7BE2,?,?,?,00007FFB1C4F1911), ref: 00007FFB1C4FC0BB
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FC0A0: FormatMessageW.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFB1C4F786D,?,?,00000000,00007FFB1C4F7BE2,?,?,?,00007FFB1C4F1911), ref: 00007FFB1C4FC12A
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FC0A0: PyUnicode_DecodeMBCS.PYTHON311(?,?,?,?,?,00000000,00000000,00007FFB1C4F786D,?,?,00000000,00007FFB1C4F7BE2,?,?,?,00007FFB1C4F1911), ref: 00007FFB1C4FC1FB
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FC0A0: _Py_BuildValue_SizeT.PYTHON311(?,?,?,?,?,00000000,00000000,00007FFB1C4F786D,?,?,00000000,00007FFB1C4F7BE2,?,?,?,00007FFB1C4F1911), ref: 00007FFB1C4FC210
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FC0A0: LocalFree.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFB1C4F786D,?,?,00000000,00007FFB1C4F7BE2,?,?,?,00007FFB1C4F1911), ref: 00007FFB1C4FC228
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FC0A0: PyErr_SetObject.PYTHON311(?,?,?,?,?,00000000,00000000,00007FFB1C4F786D,?,?,00000000,00007FFB1C4F7BE2,?,?,?,00007FFB1C4F1911), ref: 00007FFB1C4FC23D
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FC0A0: _Py_Dealloc.PYTHON311(?,?,?,?,?,00000000,00000000,00007FFB1C4F786D,?,?,00000000,00007FFB1C4F7BE2,?,?,?,00007FFB1C4F1911), ref: 00007FFB1C4FC24C
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: BuildFree$Arg_AuditedDeallocDecodeErr_ErrorFormatFromLastLocalMem_MessageObjectParsePermissionsSizeTupleUnicode_ValueValue_
                                                                                                                                                                                                                                        • String ID: GetAuditedPermissionsFromAcl$O:GetAuditedPermissionsFromAcl
                                                                                                                                                                                                                                        • API String ID: 1813498087-1982696749
                                                                                                                                                                                                                                        • Opcode ID: e3cf0bc495971bb8ed7b40bc33452d8393b5b64665373bf3c0310aa9243fa5a8
                                                                                                                                                                                                                                        • Instruction ID: 968bdb2a67b25408ea9811d06b7d94fc525a645bc8ffa3d1ad53e3704db897df
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e3cf0bc495971bb8ed7b40bc33452d8393b5b64665373bf3c0310aa9243fa5a8
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BD1162F2A0CA4682EB508FA5F4440EAA3A2FBC47E4F554036D64D87A58DF7CE555CB40
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
                                                                                                                                                                                                                                         • Associated: 00000002.00000002.1424444971.00007FFB0BE40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                         • Associated: 00000002.00000002.1424482051.00007FFB0BE4D000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                         • Associated: 00000002.00000002.1424502993.00007FFB0BE5E000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                         • Associated: 00000002.00000002.1424521434.00007FFB0BE5F000.00000008.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                         • Associated: 00000002.00000002.1424540000.00007FFB0BE64000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                         • Associated: 00000002.00000002.1424594066.00007FFB0BE65000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: X509_$Arg_M_clear_flagsM_get_flagsM_set_flagsParse_SizeX_get0_param
                                                                                                                                                                                                                                        • String ID: `
                                                                                                                                                                                                                                        • API String ID: 3791563005-1519715813
                                                                                                                                                                                                                                        • Opcode ID: 4bb6d42b4beab45096a4e9ccb1599a342f780d6b072b4d590485099c46099c07
                                                                                                                                                                                                                                        • Instruction ID: fabd50fa076f2aee9a706001705f0400519fc7c88660f4881985d74e105c0389
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4bb6d42b4beab45096a4e9ccb1599a342f780d6b072b4d590485099c46099c07
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 16115EA5B0C64282EA588B76E84093A77A0FF84B95F14C931DA5EC3A74DF7CE8458B00
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                         • Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                         • Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                         • Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                         • Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_$BufferBuffer_FormatObject_ReleaseString
                                                                                                                                                                                                                                        • String ID: Buffer cannot be None$Buffer length can be at most %d characters
                                                                                                                                                                                                                                        • API String ID: 3539591379-686265896
                                                                                                                                                                                                                                        • Opcode ID: e6a53e6ea5320b7384238b41d06f927761a0009c0bf506e7bccc18160df99ee7
                                                                                                                                                                                                                                        • Instruction ID: 0e1e1a556b3dd2ee42734c40a0ca9b46ed3b88bd54d1a96da81833b47b7a589e
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e6a53e6ea5320b7384238b41d06f927761a0009c0bf506e7bccc18160df99ee7
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0B1121E1A09F4282EA548FA6E84917863A2FBC9BA4F245030CD4D87794DF3CE4A58300
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • PyArg_ParseTuple.PYTHON311 ref: 00007FFB1C4F414A
                                                                                                                                                                                                                                        • GetEffectiveRightsFromAclW.ADVAPI32 ref: 00007FFB1C4F4175
                                                                                                                                                                                                                                        • Py_BuildValue.PYTHON311 ref: 00007FFB1C4F419A
                                                                                                                                                                                                                                        • PyMem_Free.PYTHON311 ref: 00007FFB1C4F41B4
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FC0A0: GetLastError.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFB1C4F786D,?,?,00000000,00007FFB1C4F7BE2,?,?,?,00007FFB1C4F1911), ref: 00007FFB1C4FC0BB
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FC0A0: FormatMessageW.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFB1C4F786D,?,?,00000000,00007FFB1C4F7BE2,?,?,?,00007FFB1C4F1911), ref: 00007FFB1C4FC12A
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FC0A0: PyUnicode_DecodeMBCS.PYTHON311(?,?,?,?,?,00000000,00000000,00007FFB1C4F786D,?,?,00000000,00007FFB1C4F7BE2,?,?,?,00007FFB1C4F1911), ref: 00007FFB1C4FC1FB
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FC0A0: _Py_BuildValue_SizeT.PYTHON311(?,?,?,?,?,00000000,00000000,00007FFB1C4F786D,?,?,00000000,00007FFB1C4F7BE2,?,?,?,00007FFB1C4F1911), ref: 00007FFB1C4FC210
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FC0A0: LocalFree.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFB1C4F786D,?,?,00000000,00007FFB1C4F7BE2,?,?,?,00007FFB1C4F1911), ref: 00007FFB1C4FC228
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FC0A0: PyErr_SetObject.PYTHON311(?,?,?,?,?,00000000,00000000,00007FFB1C4F786D,?,?,00000000,00007FFB1C4F7BE2,?,?,?,00007FFB1C4F1911), ref: 00007FFB1C4FC23D
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FC0A0: _Py_Dealloc.PYTHON311(?,?,?,?,?,00000000,00000000,00007FFB1C4F786D,?,?,00000000,00007FFB1C4F7BE2,?,?,?,00007FFB1C4F1911), ref: 00007FFB1C4FC24C
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                         • Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                         • Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                         • Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                         • Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: BuildFree$Arg_DeallocDecodeEffectiveErr_ErrorFormatFromLastLocalMem_MessageObjectParseRightsSizeTupleUnicode_ValueValue_
                                                                                                                                                                                                                                        • String ID: GetEffectiveRightsFromAcl$O:GetEffectiveRightsFromAcl
                                                                                                                                                                                                                                        • API String ID: 2032167972-568366055
                                                                                                                                                                                                                                        • Opcode ID: a3a2f35c040267fb559fa990f2b6b599c52173f06d62c3f3011c8b93d8cc6bf5
                                                                                                                                                                                                                                        • Instruction ID: 90889e41583da341fc4f331aa791a6728c54f7955fbf6a3df81b53ecb1e85c6f
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a3a2f35c040267fb559fa990f2b6b599c52173f06d62c3f3011c8b93d8cc6bf5
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 73116DE1A0CA4682EA508B65F9480EAA3A2FF847E8F544135D64D87658DF7CE465C700
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                         • Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                         • Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                         • Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                         • Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Arg_ParseTuple$ClearErr_
                                                                                                                                                                                                                                        • String ID: AddAccesAllowedAce$lO:AddAccessAllowedAce$llO:AddAccessAllowedAce
                                                                                                                                                                                                                                        • API String ID: 2492218514-648165593
                                                                                                                                                                                                                                        • Opcode ID: 92b371a81ec9a58075e54e0ab38dd8c563d95eda408acadf1690a977647208be
                                                                                                                                                                                                                                        • Instruction ID: 532f95c023cb5462d759f265ef5d7361de4efe79487d379596768f488edce90e
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 92b371a81ec9a58075e54e0ab38dd8c563d95eda408acadf1690a977647208be
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E01119F1A0CB4682DB508F65F4494EAB7A2FB847A4F544136EA8D43B69EF3CD154CB00
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                         • Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                         • Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                         • Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                         • Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Arg_ParseTuple$ClearErr_
                                                                                                                                                                                                                                        • String ID: AddAccesDeniedAce$lO:AddAccessDeniedAce$llO:AddAccessDeniedAce
                                                                                                                                                                                                                                        • API String ID: 2492218514-45297876
                                                                                                                                                                                                                                        • Opcode ID: db3ef6d2042fc731ebb77383ce4e9552a06176105aea40d161fa3c6855c30291
                                                                                                                                                                                                                                        • Instruction ID: bc9c2b37122be12bf15d315f96bbfa112198a5f7f22b2818d67a9e86e514e785
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: db3ef6d2042fc731ebb77383ce4e9552a06176105aea40d161fa3c6855c30291
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9A1119F1A1CB4682DB508F65F4494EAB7A1FB847A4F544036EA8D47B59DF3CD164CB00
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
• Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
Similarity
• API ID: Arg_ControlDescriptorErr_ParseSecurityStringTuple
• String ID: SetSecurityDescriptorControl$SetSecurityDescriptorControl does not exist on this platform$ll:SetSecurityDescriptorControl
• API String ID: 1690190277-853495732
• Opcode ID: c84b0182768bea5d5979bfee2e4687e6803d9cec3a7dc2875684892433b1d161
• Instruction ID: d02c33631f60698ade02b20632b4d70f42e735048b4aa6bdfd80a7891110ba8f
• Opcode Fuzzy Hash: c84b0182768bea5d5979bfee2e4687e6803d9cec3a7dc2875684892433b1d161
• Instruction Fuzzy Hash: D50140D1E18D1681FB908F76E85A2F523A2FFC4B69F645032DA0E86261DF3CD5A5C700
APIs
• PyArg_ParseTuple.PYTHON311 ref: 00007FFB1C4F3BEB
• GetAce.ADVAPI32 ref: 00007FFB1C4F3C06
  • Part of subcall function 00007FFB1C4FC0A0: GetLastError.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFB1C4F786D,?,?,00000000,00007FFB1C4F7BE2,?,?,?,00007FFB1C4F1911), ref: 00007FFB1C4FC0BB
  • Part of subcall function 00007FFB1C4FC0A0: FormatMessageW.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFB1C4F786D,?,?,00000000,00007FFB1C4F7BE2,?,?,?,00007FFB1C4F1911), ref: 00007FFB1C4FC12A
  • Part of subcall function 00007FFB1C4FC0A0: PyUnicode_DecodeMBCS.PYTHON311(?,?,?,?,?,00000000,00000000,00007FFB1C4F786D,?,?,00000000,00007FFB1C4F7BE2,?,?,?,00007FFB1C4F1911), ref: 00007FFB1C4FC1FB
  • Part of subcall function 00007FFB1C4FC0A0: _Py_BuildValue_SizeT.PYTHON311(?,?,?,?,?,00000000,00000000,00007FFB1C4F786D,?,?,00000000,00007FFB1C4F7BE2,?,?,?,00007FFB1C4F1911), ref: 00007FFB1C4FC210
  • Part of subcall function 00007FFB1C4FC0A0: LocalFree.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFB1C4F786D,?,?,00000000,00007FFB1C4F7BE2,?,?,?,00007FFB1C4F1911), ref: 00007FFB1C4FC228
  • Part of subcall function 00007FFB1C4FC0A0: PyErr_SetObject.PYTHON311(?,?,?,?,?,00000000,00000000,00007FFB1C4F786D,?,?,00000000,00007FFB1C4F7BE2,?,?,?,00007FFB1C4F1911), ref: 00007FFB1C4FC23D
  • Part of subcall function 00007FFB1C4FC0A0: _Py_Dealloc.PYTHON311(?,?,?,?,?,00000000,00000000,00007FFB1C4F786D,?,?,00000000,00007FFB1C4F7BE2,?,?,?,00007FFB1C4F1911), ref: 00007FFB1C4FC24C
Strings
Memory Dump Source
• Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
• Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
Similarity
• API ID: Arg_BuildDeallocDecodeErr_ErrorFormatFreeLastLocalMessageObjectParseSizeTupleUnicode_Value_
• String ID: Ace type %d is not supported yet$GetAce$l:GetAce
• API String ID: 2913267005-2172617993
• Opcode ID: d4da5d335416cac86b9197730c07311a75d515660184e907db1b9f56742dfa88
• Instruction ID: 13dee312a7291fd3316ec88ae936cc4b19fb8651371e31700253368e0d402ca2
• Opcode Fuzzy Hash: d4da5d335416cac86b9197730c07311a75d515660184e907db1b9f56742dfa88
• Instruction Fuzzy Hash: 510180E6B08E4286EB418B39E8191F533A3FF84BA8FA44032DA4D83255DF2CE165C700
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
• Associated: 00000002.00000002.1424444971.00007FFB0BE40000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424482051.00007FFB0BE4D000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424502993.00007FFB0BE5E000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424521434.00007FFB0BE5F000.00000008.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424540000.00007FFB0BE64000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424594066.00007FFB0BE65000.00000002.00000001.01000000.00000013.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
Similarity
• API ID: X_set_msg_callback$Callable_CheckDeallocErr_String
• String ID: not a callable object
• API String ID: 3435843511-3332612890
• Opcode ID: 2c4cc950c388e6641bb2acf092107df6c3a4c14914ab213ab3a2e4017017a6d2
• Instruction ID: 3f7ebe5bb79b139c8a83e06e50970ab99696e8e8bcd29d49677d6489d90ad377
• Opcode Fuzzy Hash: 2c4cc950c388e6641bb2acf092107df6c3a4c14914ab213ab3a2e4017017a6d2
• Instruction Fuzzy Hash: 6611A8A1B0994281EB599F35E954A3923B1BF88B98F54CD31CA1FC66B4DF3CD9558300
APIs
Strings
• PyDEVMODE::PyDEVMODE - Unable to allocate DEVMODE of size %d, xrefs: 00007FFB1C4F4926
Memory Dump Source
• Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
• Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
Similarity
• API ID: memcpy$Err_FormatReferencemalloc
• String ID: PyDEVMODE::PyDEVMODE - Unable to allocate DEVMODE of size %d
• API String ID: 3577276951-318570358
• Opcode ID: fddfbdb906fae1cdbad07684335e24c5286ddcdde50077556d5a302564308914
• Instruction ID: c7863cb122851a51bcd550bc179dd1bf2ff9b22432df2c17fae9950174698e75
• Opcode Fuzzy Hash: fddfbdb906fae1cdbad07684335e24c5286ddcdde50077556d5a302564308914
• Instruction Fuzzy Hash: 030152E1A08E0692EA94DF26E9491F833A2FB88F95B644035DA4E43765DF3DE4B4C310
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
• Associated: 00000002.00000002.1424444971.00007FFB0BE40000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424482051.00007FFB0BE4D000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424502993.00007FFB0BE5E000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424521434.00007FFB0BE5F000.00000008.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424540000.00007FFB0BE64000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424594066.00007FFB0BE65000.00000002.00000001.01000000.00000013.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
Similarity
• API ID: Arg_Err_Parse_SizeStringX_set_num_tickets
• String ID: SSLContext is not a server context.$failed to set num tickets.$value must be non-negative
• API String ID: 2130650243-3995814857
• Opcode ID: 708579bf53162fdeafbe4cb1e230e0f8fba9d217ad1739ef98ae9758071a56ae
• Instruction ID: 61341e0e966cd45b523893f95d34499c2680b705ac0fcec07c7add7a497b974a
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 708579bf53162fdeafbe4cb1e230e0f8fba9d217ad1739ef98ae9758071a56ae
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1901C8E1B0CA03C1EA588B75E8C587A3365AF94B90B54DD36C91FC66B4EF6DE8849300
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_$BuildClearDeallocStringValue
                                                                                                                                                                                                                                        • String ID: (i)$invalid timestamp
                                                                                                                                                                                                                                        • API String ID: 3614533335-2037815563
                                                                                                                                                                                                                                        • Opcode ID: 4cad841118d652d7e69830c9c566db28106347b89f0cc1e4be47afa204aeeff3
                                                                                                                                                                                                                                        • Instruction ID: 3b0650f058b63a51a17a272c42b91f3a4b06cef23aebda3ce118213c0c1bc290
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4cad841118d652d7e69830c9c566db28106347b89f0cc1e4be47afa204aeeff3
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FC0144E1B19E0781EE558F35E85E1B52363BFD8BB4F641031C80E43760DE2CE4A98300
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Size$Arg_BuildErr_ParseStringTextTuple_UnicodeValue_
                                                                                                                                                                                                                                        • String ID: s#i$string size beyond INT_MAX
                                                                                                                                                                                                                                        • API String ID: 2518093472-3494499060
                                                                                                                                                                                                                                        • Opcode ID: cdc49cf8c9ab3dcdf280fb89038c51945ace4d95668609105f34e8db7cdf061a
                                                                                                                                                                                                                                        • Instruction ID: d77e2bc1dea634a1bb6bf6067ed08fb0dc0e7504bc38c1a4924f7fd8581b10b5
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: cdc49cf8c9ab3dcdf280fb89038c51945ace4d95668609105f34e8db7cdf061a
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1F011AF5B18F4782DA809B65E8590E927A2FBC47A5FA05132D54E83764DE3CE129CB80
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: AuthorityBuildErr_IdentifierSizeStringValidValue_
                                                                                                                                                                                                                                        • String ID: (BBBBBB)$GetSidIdentifierAuthority: Invalid SID in object
                                                                                                                                                                                                                                        • API String ID: 2215780243-3761804006
                                                                                                                                                                                                                                        • Opcode ID: 1232448264b43f99337fd2457c95330df09c11276e4dc376cc44a7af4843ebde
                                                                                                                                                                                                                                        • Instruction ID: aaf47aa0ae14bfd2b7fe9f463ef9f63b2855e9f8bc1b2fb3fb22e0578ae0e910
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1232448264b43f99337fd2457c95330df09c11276e4dc376cc44a7af4843ebde
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 640121E1A1CE8186D7814F31D8590797FA2EBC4B65F588075DA9E82351CF2CD575C710
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: CallsMakePending$ClearErr___acrt_iob_func__stdio_common_vfprintffprintf
                                                                                                                                                                                                                                        • String ID: Unhandled exception detected before entering Python.
                                                                                                                                                                                                                                        • API String ID: 322838838-920423093
                                                                                                                                                                                                                                        • Opcode ID: d8e5852f4bce10df7c675f798aee9c73dcdef8c0b17f020fe0b779633fc20929
                                                                                                                                                                                                                                        • Instruction ID: 56649209c867593b41c5058220648880d1c386ac46a3d565c5c6c411af821dfd
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d8e5852f4bce10df7c675f798aee9c73dcdef8c0b17f020fe0b779633fc20929
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 35E0ECD4E0DD0382F6C42B35EC5E2FA22676F85B65F719138D40E86161EE1CA8798310
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: List_$AppendDealloc
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 1573934073-0
                                                                                                                                                                                                                                        • Opcode ID: 7fb26709c0e5ee0590c04e9dd1918bcc50fe2a2ecf223f1121939532f5d5c4f5
                                                                                                                                                                                                                                        • Instruction ID: e09b59eaa59f73a4ec71063a0f91dd7e4075a24c4d648b50a667dfaeca1e851a
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7fb26709c0e5ee0590c04e9dd1918bcc50fe2a2ecf223f1121939532f5d5c4f5
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B03162E1A0DE5585FE944B29E5481B82372AF85BF4F284230DE6E47BD4DF2CA8618304
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: List_$AppendBytes_DeallocFromSizeString
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 3583985797-0
                                                                                                                                                                                                                                        • Opcode ID: 1af333250f52d183d95777b5497e5bdef4fbbd040c499906e43c11cb1fa70274
                                                                                                                                                                                                                                        • Instruction ID: db18fde7145e495152d3b1b71bde3f668ecbef15c247160aae361032ede3abd8
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1af333250f52d183d95777b5497e5bdef4fbbd040c499906e43c11cb1fa70274
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 862155E1A0DE4545FE955F39E9581B86392AF86BF4F281230DE6E46BD0DF2CE4618300
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424444971.00007FFB0BE40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424482051.00007FFB0BE4D000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424502993.00007FFB0BE5E000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424521434.00007FFB0BE5F000.00000008.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424540000.00007FFB0BE64000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424594066.00007FFB0BE65000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: DeallocInsertL_get_peer_cert_chainL_get_peer_certificateList_
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 3456820669-0
                                                                                                                                                                                                                                        • Opcode ID: d936d687eff75d948fda7b769ae24a44ccb6f572c6dcc418821b6287ca7955ed
                                                                                                                                                                                                                                        • Instruction ID: 02a9352482459a2170d6de1c339811f72fc9f31469e10c38b3d21cf7a0a10c66
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d936d687eff75d948fda7b769ae24a44ccb6f572c6dcc418821b6287ca7955ed
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E021FC71A09A5281EA199B36ED5453923A0EF98FE4F14CA35DA5F877B4DF2CE8528300
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424444971.00007FFB0BE40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424482051.00007FFB0BE4D000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424502993.00007FFB0BE5E000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424521434.00007FFB0BE5F000.00000008.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424540000.00007FFB0BE64000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424594066.00007FFB0BE65000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: List_$DeallocItemL_sk_numL_sk_valueX509_up_ref
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 2540853196-0
                                                                                                                                                                                                                                        • Opcode ID: 13fa60f790374bc889c5657669db7362c64846027d195b5bea521e7375896998
                                                                                                                                                                                                                                        • Instruction ID: c9520b51dd87d744b5e5c02915b2a29fa2e0c51b35eca499814f050f571504a3
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 13fa60f790374bc889c5657669db7362c64846027d195b5bea521e7375896998
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9C11A2A1B05B4281EA198F26EC4452963A5FF88FE4B09C931CE5E837A0DF3CE4428300
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1428397998.00007FFB1BB11000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428322371.00007FFB1BB10000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428424791.00007FFB1BB17000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428449778.00007FFB1BB1C000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428581969.00007FFB1BB1E000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bb10000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Mem_Py_hashtable_set$FreeMallocPy_hashtable_destroyPy_hashtable_new_full
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 3987031744-0
                                                                                                                                                                                                                                        • Opcode ID: 915fc3c12298076faa92fa22e255507a5678979ac9797c805f8a1823a17a82e4
                                                                                                                                                                                                                                        • Instruction ID: cda59f515e101a20502c30444d029ecdd1bd0f2f091f4df45905ce90f2d7a6a3
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 915fc3c12298076faa92fa22e255507a5678979ac9797c805f8a1823a17a82e4
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F9211EA9A19E46D2E7218B36E44437A63A2FF45B94F04A535DE4D03EB4EF3CE196C700
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • _Py_NewReference.PYTHON311(?,?,?,00007FFB1C4F6D86), ref: 00007FFB1C4F6E6D
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FE3A8: malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFB1C4FE3C2
                                                                                                                                                                                                                                        • _Py_NewReference.PYTHON311(?,?,?,00007FFB1C4F6D86), ref: 00007FFB1C4F6E9A
                                                                                                                                                                                                                                        • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFB1C4F6D86), ref: 00007FFB1C4F6EA5
                                                                                                                                                                                                                                        • InitializeSecurityDescriptor.ADVAPI32(?,?,?,00007FFB1C4F6D86), ref: 00007FFB1C4F6EBE
                                                                                                                                                                                                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFB1C4F6D86), ref: 00007FFB1C4F6ED6
                                                                                                                                                                                                                                        • _Py_Dealloc.PYTHON311(?,?,?,00007FFB1C4F6D86), ref: 00007FFB1C4F6EF6
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4F7B40: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFB1C4F1911), ref: 00007FFB1C4F7B5B
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4F7B40: GetSecurityDescriptorLength.ADVAPI32(?,?,?,00007FFB1C4F1911), ref: 00007FFB1C4F7B64
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: DescriptorReferenceSecurityfreemalloc$DeallocInitializeLength
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 2040291429-0
                                                                                                                                                                                                                                        • Opcode ID: 2c27470f5de2839a593e6722dc140241d06c4f9ffa6d0e3eee3c51e6744d613f
                                                                                                                                                                                                                                        • Instruction ID: 62c8775e73c09505b67098ef020ba2a5d374eec29c845605f2410bdd18c1ced1
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2c27470f5de2839a593e6722dc140241d06c4f9ffa6d0e3eee3c51e6744d613f
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 952127F5A08F0682EB849F25E9492A973A6FB89BA4F244134CA4D43765DF3CE4758340
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424444971.00007FFB0BE40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424482051.00007FFB0BE4D000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424502993.00007FFB0BE5E000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424521434.00007FFB0BE5F000.00000008.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424540000.00007FFB0BE64000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424594066.00007FFB0BE65000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Dealloc$Eval_Thread$O_free_allRestoreSave
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 86175192-0
                                                                                                                                                                                                                                        • Opcode ID: e9e2a801aea922d1273cd4ff8c998d1dc01524c4fe99618527d19cee9a6ac218
                                                                                                                                                                                                                                        • Instruction ID: da83d885c37d795377cfff4cdd2609e0f14818a89323e3a4073c380b5286eb92
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e9e2a801aea922d1273cd4ff8c998d1dc01524c4fe99618527d19cee9a6ac218
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AE1100F2E19A0292EB5D8FB1D95873823A0FF58B64F049934CA0F86960CF3DE8659304
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • EVP_MD_CTX_copy.LIBCRYPTO-1_1(?,?,00000000,00007FFB1BB1278C), ref: 00007FFB1BB129C5
                                                                                                                                                                                                                                        • PyThread_acquire_lock.PYTHON311(?,?,00000000,00007FFB1BB1278C), ref: 00007FFB1BB129E8
                                                                                                                                                                                                                                        • PyThread_release_lock.PYTHON311(?,?,00000000,00007FFB1BB1278C), ref: 00007FFB1BB129F7
                                                                                                                                                                                                                                        • PyEval_SaveThread.PYTHON311(?,?,00000000,00007FFB1BB1278C), ref: 00007FFB1BB15212
                                                                                                                                                                                                                                        • PyThread_acquire_lock.PYTHON311(?,?,00000000,00007FFB1BB1278C), ref: 00007FFB1BB15224
                                                                                                                                                                                                                                        • PyEval_RestoreThread.PYTHON311(?,?,00000000,00007FFB1BB1278C), ref: 00007FFB1BB1522D
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1428397998.00007FFB1BB11000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                                                         • Associated: 00000002.00000002.1428322371.00007FFB1BB10000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                         • Associated: 00000002.00000002.1428424791.00007FFB1BB17000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                         • Associated: 00000002.00000002.1428449778.00007FFB1BB1C000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                         • Associated: 00000002.00000002.1428581969.00007FFB1BB1E000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bb10000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Eval_ThreadThread_acquire_lock$RestoreSaveThread_release_lockX_copy
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 1756194536-0
                                                                                                                                                                                                                                        • Opcode ID: 836a3635088dc3f5986769e67726f4da7ab54015a18421c453db875b64859df3
                                                                                                                                                                                                                                        • Instruction ID: ca18171b1206590a205895d46a831744d67106c8b73a13dd9ea5f3d0bb40f48a
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 836a3635088dc3f5986769e67726f4da7ab54015a18421c453db875b64859df3
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9C0100E9B08E46C2EB248F76F45423A1362FB89FE4F14A031DD4E43B68DE3CD4969240
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                         • Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                         • Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                         • Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                         • Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: DeallocValue$DeleteFreeLocalState_Thread
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 1066789969-0
                                                                                                                                                                                                                                        • Opcode ID: a38a08381fbc3f0e3c4c6364fcbf7b6d8d1306fe28728f85f0422f7ee9c4bbec
                                                                                                                                                                                                                                        • Instruction ID: dd54a289db583e49aa80654ad4803acba5067cedbd54d9f8f26af141109d4b82
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a38a08381fbc3f0e3c4c6364fcbf7b6d8d1306fe28728f85f0422f7ee9c4bbec
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CE01C9F5E0AF02C5EA959F35E86D0B563A2AFD9779F381434C85E463608E3CA4648711
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1428397998.00007FFB1BB11000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                                                         • Associated: 00000002.00000002.1428322371.00007FFB1BB10000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                         • Associated: 00000002.00000002.1428424791.00007FFB1BB17000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                         • Associated: 00000002.00000002.1428449778.00007FFB1BB1C000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                         • Associated: 00000002.00000002.1428581969.00007FFB1BB1E000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bb10000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Eval_ThreadThread_acquire_lock$RestoreSaveThread_release_lockX_copy
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 1756194536-0
                                                                                                                                                                                                                                        • Opcode ID: 4631b92abf9ef0f0ab756b427accfbaafc0950e957c7bd2aceb6918e902066d0
                                                                                                                                                                                                                                        • Instruction ID: 88b479cbc65445450783fb25e3cf3ad1943bc9af841695b6f89cfa771cb5a20b
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4631b92abf9ef0f0ab756b427accfbaafc0950e957c7bd2aceb6918e902066d0
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 100192ADB15E41C2EB649B67F45423A6361FF88F90B14A131DE0E43B25DE3CD4958640
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                         • Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                         • Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                         • Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                         • Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Unicode_
                                                                                                                                                                                                                                        • String ID: Internal$InternalHigh$hEvent
                                                                                                                                                                                                                                        • API String ID: 2646675794-1769053571
                                                                                                                                                                                                                                        • Opcode ID: 022ca7562e611031875e0e22a4c6128578bdd9ff9c8b5feaee501f376fd8ce4e
                                                                                                                                                                                                                                        • Instruction ID: 83dd302138ecb4ef1b40f3a4ed57f317fd74584dffe102e959cd7ae0197cc305
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 022ca7562e611031875e0e22a4c6128578bdd9ff9c8b5feaee501f376fd8ce4e
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D92193E2B1CE8181EB958B26E5450B96361FB8CFE8F185031EF5E47759DE2CD4A1C700
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                         • Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                         • Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                         • Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                         • Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Arg_ParseReferenceTuple
                                                                                                                                                                                                                                        • String ID: The object is not a PyHANDLE object$|O:HANDLERegistry
                                                                                                                                                                                                                                        • API String ID: 709158290-3143913545
                                                                                                                                                                                                                                        • Opcode ID: 62b2f561ae9768160922984f19dca62b5468131cdb44bae6e77f9cc6b9e64f49
                                                                                                                                                                                                                                        • Instruction ID: f43001ecc29624b6eb064829a12e0e29f5d70eb66e003f57d613f697d7189ea3
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 62b2f561ae9768160922984f19dca62b5468131cdb44bae6e77f9cc6b9e64f49
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F7213DF2A0CF4681EA909B25F8890E97366FB847A4F641032DB4D83665DF3CE4B5C740
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                         • Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                         • Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                         • Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                         • Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Arg_ParseReferenceTuple
                                                                                                                                                                                                                                        • String ID: The object is not a PyHANDLE object$|O:HANDLE
                                                                                                                                                                                                                                        • API String ID: 709158290-2911939918
                                                                                                                                                                                                                                        • Opcode ID: 8a1caafe52e778266ee09ce04f3b53743769be0cf05a4e17a06d5b4078c11f5c
                                                                                                                                                                                                                                        • Instruction ID: 9321fc567894adc2d6acba1f87e9b5380b104c7c7b51ac11a97c6be76ff630d2
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8a1caafe52e778266ee09ce04f3b53743769be0cf05a4e17a06d5b4078c11f5c
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C9213EE2A1CF4281EA909B25F8891E97366FB847A8F641031EB4D87664DF3CE5B5C340
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: CharDeallocFromObject_PrintUnicode_Widewsprintf
                                                                                                                                                                                                                                        • String ID: <%hs at %Id (%Id)>
                                                                                                                                                                                                                                        • API String ID: 2754229576-3200932714
                                                                                                                                                                                                                                        • Opcode ID: e17d266f3801b9cbcc5d7996f9cf4b9f67ae6f61ed07949a661cbef954a60914
                                                                                                                                                                                                                                        • Instruction ID: e3814c7fdd22ba935deb49fc55d9b63edf34b403e75208acda6e3297b6feadd3
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e17d266f3801b9cbcc5d7996f9cf4b9f67ae6f61ed07949a661cbef954a60914
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 831193F2B19F4585EA918B25F8097E963A1AB88FB8F545131DD1E43794DE3CD159C300
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Time$Arg_DateFileParseSizeTuple_
                                                                                                                                                                                                                                        • String ID: DosDateTimeToFileTime$FileTimeToSystemTime
                                                                                                                                                                                                                                        • API String ID: 2214670548-3006328108
                                                                                                                                                                                                                                        • Opcode ID: 62a7c602ff2cd10c6a6c07fb5a8437c41e5f506f5d4ecfb7f4ceaaf4f8dc3e65
                                                                                                                                                                                                                                        • Instruction ID: 89da15a47d1f6f48c7ec30f89c6cbaf22ecb2a72d96009a668cb8e31506a450a
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 62a7c602ff2cd10c6a6c07fb5a8437c41e5f506f5d4ecfb7f4ceaaf4f8dc3e65
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 951127D2A1CD4381FAA0AB35D85A1FA63A2FFD4B5CFA05032E54D82555DE6CD526CB00
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_Formatmemcpyrealloc
                                                                                                                                                                                                                                        • String ID: SetACL: Unable to reallocate ACL to size %d
                                                                                                                                                                                                                                        • API String ID: 2667793433-1849531889
                                                                                                                                                                                                                                        • Opcode ID: 8ae7db3bac32db33fa7989b0d83afbf34381a0f3a966f04e41738067581a8d2a
                                                                                                                                                                                                                                        • Instruction ID: 95a3bd581f1aa566abe5d955c69a258a3a8e9466ca39d3742777db97a1546f84
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8ae7db3bac32db33fa7989b0d83afbf34381a0f3a966f04e41738067581a8d2a
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1A1181E1B08F8182E6549F66E4490BA73A2FB88FD4B248035DE8D47755DF3CD0A08344
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_String
                                                                                                                                                                                                                                        • String ID: Object must be a PyDEVMODEW$PyDEVMODE cannot be None in this context
                                                                                                                                                                                                                                        • API String ID: 1450464846-2899910425
                                                                                                                                                                                                                                        • Opcode ID: 296e51d46d7797cfe4e6e54c54b2b12a9727ee875e5aed5ca7b726e3b74f56c6
                                                                                                                                                                                                                                        • Instruction ID: 5de8a9429ee49041f3893f3da46504d9c0ccddc6dcfc9f242a94523538f78510
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 296e51d46d7797cfe4e6e54c54b2b12a9727ee875e5aed5ca7b726e3b74f56c6
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9D1124E2B18E4681EF948F39F4952B82362FBC8B98F645031DA1D87765DE3DD4A6C700
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • PyLong_AsVoidPtr.PYTHON311 ref: 00007FFB1C4FCD95
                                                                                                                                                                                                                                        • PyErr_Occurred.PYTHON311 ref: 00007FFB1C4FCDA3
                                                                                                                                                                                                                                        • PyErr_Clear.PYTHON311 ref: 00007FFB1C4FCDAE
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FCB50: PyNumber_Long.PYTHON311(?,?,?,00007FFB1C4F4F6E), ref: 00007FFB1C4FCB65
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FCB50: PyErr_Occurred.PYTHON311(?,?,?,00007FFB1C4F4F6E), ref: 00007FFB1C4FCB73
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FCB50: PyLong_AsLongLong.PYTHON311(?,?,?,00007FFB1C4F4F6E), ref: 00007FFB1C4FCB81
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FCB50: PyErr_Occurred.PYTHON311(?,?,?,00007FFB1C4F4F6E), ref: 00007FFB1C4FCB90
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FCB50: PyErr_Clear.PYTHON311(?,?,?,00007FFB1C4F4F6E), ref: 00007FFB1C4FCB9B
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FCB50: PyLong_AsUnsignedLongLong.PYTHON311(?,?,?,00007FFB1C4F4F6E), ref: 00007FFB1C4FCBA4
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FCB50: PyErr_Occurred.PYTHON311(?,?,?,00007FFB1C4F4F6E), ref: 00007FFB1C4FCBB3
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FCB50: _Py_Dealloc.PYTHON311(?,?,?,00007FFB1C4F4F6E), ref: 00007FFB1C4FCBC7
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FCB50: PyErr_Format.PYTHON311(?,?,?,00007FFB1C4F4F6E), ref: 00007FFB1C4FCBE6
                                                                                                                                                                                                                                        • PyErr_Format.PYTHON311 ref: 00007FFB1C4FCDDC
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_$Long$Occurred$Long_$ClearFormat$DeallocNumber_UnsignedVoid
                                                                                                                                                                                                                                        • String ID: WPARAM is simple, so must be an int object (got %s)
                                                                                                                                                                                                                                        • API String ID: 4021378859-3057595559
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Authority$Arg_CountErr_ParseSizeStringTuple_
                                                                                                                                                                                                                                        • String ID: The index is out of range
                                                                                                                                                                                                                                        • API String ID: 2377407092-505141048
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • OBJ_txt2obj.LIBCRYPTO-1_1 ref: 00007FFB0BE41480
                                                                                                                                                                                                                                        • PyModule_GetState.PYTHON311 ref: 00007FFB0BE41495
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB0BE414C8: OBJ_obj2nid.LIBCRYPTO-1_1(?,?,?,?,?,00007FFB0BE414A6), ref: 00007FFB0BE414EA
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB0BE414C8: OBJ_nid2sn.LIBCRYPTO-1_1(?,?,?,?,?,00007FFB0BE414A6), ref: 00007FFB0BE414FC
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB0BE414C8: OBJ_nid2ln.LIBCRYPTO-1_1(?,?,?,?,?,00007FFB0BE414A6), ref: 00007FFB0BE41507
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB0BE414C8: _Py_BuildValue_SizeT.PYTHON311(?,?,?,?,?,00007FFB0BE414A6), ref: 00007FFB0BE41535
                                                                                                                                                                                                                                        • ASN1_OBJECT_free.LIBCRYPTO-1_1 ref: 00007FFB0BE414AC
                                                                                                                                                                                                                                        • PyErr_Format.PYTHON311 ref: 00007FFB0BE435EC
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: BuildErr_FormatJ_nid2lnJ_nid2snJ_obj2nidJ_txt2objModule_SizeStateT_freeValue_
                                                                                                                                                                                                                                        • String ID: unknown object '%.100s'
                                                                                                                                                                                                                                        • API String ID: 2376969911-3113687063
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1428397998.00007FFB1BB11000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: D_do_allDeallocFrozenModule_ObjectSet_
                                                                                                                                                                                                                                        • String ID: openssl_md_meth_names
                                                                                                                                                                                                                                        • API String ID: 3817856336-1600430994
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Long$FromLong_$BuildSizeValue_
                                                                                                                                                                                                                                        • String ID: NiNNi(ii)
                                                                                                                                                                                                                                        • API String ID: 4007579727-1588869203
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1428397998.00007FFB1BB11000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Module_$Err_ExceptionObjectState
                                                                                                                                                                                                                                        • String ID: UnsupportedDigestmodError$_hashlib.UnsupportedDigestmodError
                                                                                                                                                                                                                                        • API String ID: 2341384915-1819944972
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: DescriptorSecurity$ControlLengthfreemallocmemcpy
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 3383347431-0
APIs
Memory Dump Source
• Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
• Associated: 00000002.00000002.1424444971.00007FFB0BE40000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424482051.00007FFB0BE4D000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424502993.00007FFB0BE5E000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424521434.00007FFB0BE5F000.00000008.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424540000.00007FFB0BE64000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424594066.00007FFB0BE65000.00000002.00000001.01000000.00000013.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
Similarity
• API ID: CertStore$CloseOpen$Collection
• String ID:
• API String ID: 1995843185-0
APIs
Memory Dump Source
• Source File: 00000002.00000002.1428397998.00007FFB1BB11000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFB1BB10000, based on PE: true
• Associated: 00000002.00000002.1428322371.00007FFB1BB10000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.1428424791.00007FFB1BB17000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.1428449778.00007FFB1BB1C000.00000004.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.1428581969.00007FFB1BB1E000.00000002.00000001.01000000.00000016.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffb1bb10000_discord.jbxd
Similarity
• API ID: Arg_Bytes_DeallocDigestErr_FinalFromIndexKeywordsLong_Number_OccurredSizeSsize_tStringUnpackX_freeX_new
• String ID:
• API String ID: 1823454907-0
APIs
Memory Dump Source
• Source File: 00000002.00000002.1428397998.00007FFB1BB11000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFB1BB10000, based on PE: true
• Associated: 00000002.00000002.1428322371.00007FFB1BB10000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.1428424791.00007FFB1BB17000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.1428449778.00007FFB1BB1C000.00000004.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.1428581969.00007FFB1BB1E000.00000002.00000001.01000000.00000016.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffb1bb10000_discord.jbxd
Similarity
• API ID: Mem_$Arg_DeallocDigestErr_FinalFreeIndexKeywordsLong_MallocNumber_OccurredPy_strhexSsize_tUnpackX_freeX_new
• String ID:
• API String ID: 2315686776-0
APIs
• _Py_NewReference.PYTHON311(?,?,?,00007FFB1C4F6FA7,?,?,?,00007FFB1C4F6DB3), ref: 00007FFB1C4F8A0D
• GetSecurityDescriptorLength.ADVAPI32(?,?,?,00007FFB1C4F6FA7,?,?,?,00007FFB1C4F6DB3), ref: 00007FFB1C4F8A1E
• GetSecurityDescriptorControl.ADVAPI32(?,?,?,00007FFB1C4F6FA7,?,?,?,00007FFB1C4F6DB3), ref: 00007FFB1C4F8A4F
• malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFB1C4F6FA7,?,?,?,00007FFB1C4F6DB3), ref: 00007FFB1C4F8A68
• memcpy.VCRUNTIME140(?,?,?,00007FFB1C4F6FA7,?,?,?,00007FFB1C4F6DB3), ref: 00007FFB1C4F8A7B
Memory Dump Source
• Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
• Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
Similarity
• API ID: DescriptorSecurity$ControlLengthReferencemallocmemcpy
• String ID:
• API String ID: 3412238872-0
APIs
Memory Dump Source
• Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
• Associated: 00000002.00000002.1424444971.00007FFB0BE40000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424482051.00007FFB0BE4D000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424502993.00007FFB0BE5E000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424521434.00007FFB0BE5F000.00000008.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424540000.00007FFB0BE64000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424594066.00007FFB0BE65000.00000002.00000001.01000000.00000013.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
Similarity
• API ID: L_get_session
• String ID:
• API String ID: 1156357689-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429922505.00007FFB1D341000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB1D340000, based on PE: true
• Associated: 00000002.00000002.1429853098.00007FFB1D340000.00000002.00000001.01000000.0000001B.sdmp
• Associated: 00000002.00000002.1429947748.00007FFB1D342000.00000002.00000001.01000000.0000001B.sdmp
• Associated: 00000002.00000002.1429971284.00007FFB1D343000.00000004.00000001.01000000.0000001B.sdmp
• Associated: 00000002.00000002.1430006201.00007FFB1D344000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1d340000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Eval_Thread$BuildCreateErr_FromRestoreSaveSequentialSizeUuidValue_Windows
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 170011378-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
• Associated: 00000002.00000002.1424444971.00007FFB0BE40000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424482051.00007FFB0BE4D000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424502993.00007FFB0BE5E000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424521434.00007FFB0BE5F000.00000008.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424540000.00007FFB0BE64000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424594066.00007FFB0BE65000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: DeallocObject_$N_freeTrack
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 1683932209-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
• Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Arg_Err_ParseStringTuple
                                                                                                                                                                                                                                        • String ID: iiiiiiiii|i$year out of range
                                                                                                                                                                                                                                        • API String ID: 385655187-1001734015
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
• Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Timefloor$SystemVariant
                                                                                                                                                                                                                                        • String ID: VariantTimeToSystemTime
                                                                                                                                                                                                                                        • API String ID: 1266533630-2676162551
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
• Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Arg_ParseSizeTuple_
                                                                                                                                                                                                                                        • String ID: OiOOi(ii):MSG param$The object is not a PyHANDLE object
                                                                                                                                                                                                                                        • API String ID: 2270327996-2297966167
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
• Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Arg_InitializeParseSizeTuple_
                                                                                                                                                                                                                                        • String ID: (bbbbbb)b:Initialize$InitializeSid
                                                                                                                                                                                                                                        • API String ID: 3719922413-750340051
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Arg_DeleteParseTuple
                                                                                                                                                                                                                                        • String ID: DeleteAce$l:DeleteAce
                                                                                                                                                                                                                                        • API String ID: 1230908747-3702189175
                                                                                                                                                                                                                                        • Opcode ID: 623cc51a02aebe304fb3dbe0d97f51f8408ca90a5e7f1d1610d6055082d7903c
                                                                                                                                                                                                                                        • Instruction ID: 8a49cb2cd140d541032b21807f0686dc3eeba28ca16285fc8b789ab3db0d67c0
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 623cc51a02aebe304fb3dbe0d97f51f8408ca90a5e7f1d1610d6055082d7903c
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B20148D6A19A8646E7464B75D8952F83B72EF85B58F588071CA8D82252DD2CD0B2C700
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        • DEVMODE structure of size %d greater than supported size of %d, xrefs: 00007FFB1C4F4D8C
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_Format
                                                                                                                                                                                                                                        • String ID: DEVMODE structure of size %d greater than supported size of %d
                                                                                                                                                                                                                                        • API String ID: 376477240-1470040908
                                                                                                                                                                                                                                        • Opcode ID: c550b4da3e2f629c09c53c4d80d9fe90c627c8d4c2fd11189a3378e650016cc0
                                                                                                                                                                                                                                        • Instruction ID: d8cb1869c80f14c334d8b4105a6f76902f9392f9c68312d667784ca722a7a41b
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c550b4da3e2f629c09c53c4d80d9fe90c627c8d4c2fd11189a3378e650016cc0
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 86113CD1A19E0681FE949B7AD8492B823A2EBC8FA8F541031CE0D8B791DF2CD5A18310
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID: CloseHandle$The object is not a PyHANDLE object
                                                                                                                                                                                                                                        • API String ID: 0-4264222050
                                                                                                                                                                                                                                        • Opcode ID: 93363dac3a49d37f0c2a277fcd3d42564fc9b3c49902e18d78d75bfbd9c90053
                                                                                                                                                                                                                                        • Instruction ID: f1a2728f0adb4dcc8759d23bb3be455e3a22eb4feb5464fad0dadd4ac802543f
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 93363dac3a49d37f0c2a277fcd3d42564fc9b3c49902e18d78d75bfbd9c90053
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 801186E1F1DE0282EB549B39D8951B523A2FF88778FA44231D61E82291EF2CE5658340
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424444971.00007FFB0BE40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424482051.00007FFB0BE4D000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424502993.00007FFB0BE5E000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424521434.00007FFB0BE5F000.00000008.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424540000.00007FFB0BE64000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424594066.00007FFB0BE65000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Arg_CheckErr_Long_OccurredPositional
                                                                                                                                                                                                                                        • String ID: read
                                                                                                                                                                                                                                        • API String ID: 3612027452-2555855207
                                                                                                                                                                                                                                        • Opcode ID: 57c2fb3b107e7da3e93128b8949a2f0467cb6c1dc08e0888ab0e227e2d8d1cb9
                                                                                                                                                                                                                                        • Instruction ID: 1274ed1e9de83d94d9e1e1bf4433df56844f81757a00d3ad1846999b68df22a6
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 57c2fb3b107e7da3e93128b8949a2f0467cb6c1dc08e0888ab0e227e2d8d1cb9
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8A01C471B04A5189EB589F32E84092962A4EB8AFD0B48C971DE1EC37B4CF3CE8418700
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Arg_DescriptorOwnerParseSecurityTuple
                                                                                                                                                                                                                                        • String ID: :GetSecurityDescriptorOwner$GetSecurityDescriptorOwner
                                                                                                                                                                                                                                        • API String ID: 2338322640-1512101531
                                                                                                                                                                                                                                        • Opcode ID: 819552520869226b164d8dd710380261cb0f5186958f6194e3ebcee553805cb9
                                                                                                                                                                                                                                        • Instruction ID: de5a54c9416b09375d000bdddbade697dafdbda08000a88571e610f6c640116f
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 819552520869226b164d8dd710380261cb0f5186958f6194e3ebcee553805cb9
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6D0180D1E18D0682FB949B75E8492F923A2FFC5B68FA45035CA0D87395EE2CD4A5C700
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • PyUnicode_InternFromString.PYTHON311(?,?,00000000,00007FFB0BE4A0BF), ref: 00007FFB0BE4A9BB
                                                                                                                                                                                                                                        • PyUnicode_InternFromString.PYTHON311(?,?,00000000,00007FFB0BE4A0BF), ref: 00007FFB0BE4A9E0
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424444971.00007FFB0BE40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424482051.00007FFB0BE4D000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424502993.00007FFB0BE5E000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424521434.00007FFB0BE5F000.00000008.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424540000.00007FFB0BE64000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424594066.00007FFB0BE65000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: FromInternStringUnicode_
                                                                                                                                                                                                                                        • String ID: pkcs_7_asn$x509_asn
                                                                                                                                                                                                                                        • API String ID: 3337471625-3375957347
                                                                                                                                                                                                                                        • Opcode ID: 066b5ee37515c209f2998fc354234271979c623fd6da6c3d9e5caf0aaff83e4a
                                                                                                                                                                                                                                        • Instruction ID: 7d711205b724f60dc9324d9ed1726ff358feffe69e82ce7e714b6648123d6294
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 066b5ee37515c209f2998fc354234271979c623fd6da6c3d9e5caf0aaff83e4a
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 250125A5E5DA0795FE5D8B35F85093422A0AF49754F14DD39C90FC27B0EF2CB8999300
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Arg_CreateGuidParseReferenceSizeTuple_
                                                                                                                                                                                                                                        • String ID: :CreateGuid
                                                                                                                                                                                                                                        • API String ID: 2232489080-3559396464
                                                                                                                                                                                                                                        • Opcode ID: 81a6f26ddae4cf656ab497c75f98e1e93aa418111fb2b5a32fd23462dea31580
                                                                                                                                                                                                                                        • Instruction ID: 7015ad79938d5e8fdf7e541cb121959355203f4f5047f7cb0a31be8981b8ea90
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 81a6f26ddae4cf656ab497c75f98e1e93aa418111fb2b5a32fd23462dea31580
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8D0156E6A0CF4181EA909B35E85A1E973A1FBC9BA4F945135DA8E42315DF3CE1A5CB00
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: FromString$CharErr_Unicode_Wide
                                                                                                                                                                                                                                        • String ID: The string is too long
                                                                                                                                                                                                                                        • API String ID: 1358704699-1150129668
                                                                                                                                                                                                                                        • Opcode ID: 7e1125a6cb6efc6066532d22f082067941cd8626ff32605c2b5c4cd30fb06f84
                                                                                                                                                                                                                                        • Instruction ID: d3ee3e97fea529d29ee60f41633d4cb9bdb1ac7e642d2abe93a33ffef1701ab8
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7e1125a6cb6efc6066532d22f082067941cd8626ff32605c2b5c4cd30fb06f84
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 420112F1A18E4185FAA09B24E85A3F96362FBCCB78F904231D55D872E5DE6CD165CB00
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_StringX_get_verify_callbackX_set_verify
                                                                                                                                                                                                                                        • String ID: invalid value for verify_mode
                                                                                                                                                                                                                                        • API String ID: 93861573-2668209411
                                                                                                                                                                                                                                        • Opcode ID: 425b172615a542384593a97577fb3bada095e761ae3a8a91f17dfef478dbbc85
                                                                                                                                                                                                                                        • Instruction ID: 3fcea855d7a7f61c6f478efb39df2997badda81718e856b1b2bc01cd6da6341d
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 425b172615a542384593a97577fb3bada095e761ae3a8a91f17dfef478dbbc85
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DCF044A1B1860285E7588B79D8945382260FF8AB94F54C971CA1FC77B5CF2DE8448300
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Arg_InitializeParseTuple
                                                                                                                                                                                                                                        • String ID: :Initialize$InitializeAcl
                                                                                                                                                                                                                                        • API String ID: 1991639834-2627007299
                                                                                                                                                                                                                                        • Opcode ID: cdac90dbb315558f72e1bd80884f203c2f7f5f4b8f819a155c73672637f83d32
                                                                                                                                                                                                                                        • Instruction ID: b4ee9ab18e57afe74266d6ee9f39aa6a72be0f5f3308898eaf2f36bfd81713cb
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: cdac90dbb315558f72e1bd80884f203c2f7f5f4b8f819a155c73672637f83d32
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 68F036D1F08D1681FB958B76DC590B523A2EF84F69F685031CA0D86360EE2CD4B59305
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • PyEval_SaveThread.PYTHON311 ref: 00007FFB1C4F52CA
                                                                                                                                                                                                                                        • CloseHandle.KERNEL32 ref: 00007FFB1C4F52D7
                                                                                                                                                                                                                                        • PyEval_RestoreThread.PYTHON311 ref: 00007FFB1C4F52E2
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FC0A0: GetLastError.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFB1C4F786D,?,?,00000000,00007FFB1C4F7BE2,?,?,?,00007FFB1C4F1911), ref: 00007FFB1C4FC0BB
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FC0A0: FormatMessageW.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFB1C4F786D,?,?,00000000,00007FFB1C4F7BE2,?,?,?,00007FFB1C4F1911), ref: 00007FFB1C4FC12A
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FC0A0: PyUnicode_DecodeMBCS.PYTHON311(?,?,?,?,?,00000000,00000000,00007FFB1C4F786D,?,?,00000000,00007FFB1C4F7BE2,?,?,?,00007FFB1C4F1911), ref: 00007FFB1C4FC1FB
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FC0A0: _Py_BuildValue_SizeT.PYTHON311(?,?,?,?,?,00000000,00000000,00007FFB1C4F786D,?,?,00000000,00007FFB1C4F7BE2,?,?,?,00007FFB1C4F1911), ref: 00007FFB1C4FC210
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FC0A0: LocalFree.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFB1C4F786D,?,?,00000000,00007FFB1C4F7BE2,?,?,?,00007FFB1C4F1911), ref: 00007FFB1C4FC228
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FC0A0: PyErr_SetObject.PYTHON311(?,?,?,?,?,00000000,00000000,00007FFB1C4F786D,?,?,00000000,00007FFB1C4F7BE2,?,?,?,00007FFB1C4F1911), ref: 00007FFB1C4FC23D
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FC0A0: _Py_Dealloc.PYTHON311(?,?,?,?,?,00000000,00000000,00007FFB1C4F786D,?,?,00000000,00007FFB1C4F7BE2,?,?,?,00007FFB1C4F1911), ref: 00007FFB1C4FC24C
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Eval_Thread$BuildCloseDeallocDecodeErr_ErrorFormatFreeHandleLastLocalMessageObjectRestoreSaveSizeUnicode_Value_
                                                                                                                                                                                                                                        • String ID: CloseHandle
                                                                                                                                                                                                                                        • API String ID: 2420468086-2962429428
                                                                                                                                                                                                                                        • Opcode ID: 103f9fa4bdb0d0616c8b586c91b8a41807682e5226f61c7b12e3c8cfa75eee74
                                                                                                                                                                                                                                        • Instruction ID: aed394e12f1d3a4e9f23469f9f6e12eb3517df662a2f0782035e54fe0910b5de
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 103f9fa4bdb0d0616c8b586c91b8a41807682e5226f61c7b12e3c8cfa75eee74
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2EF068B6E18E4182EB919735F4893F963A2EBD87A4F691030DA4E83751DF7CD4928740
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: __current_exception__current_exception_contextterminate
                                                                                                                                                                                                                                        • String ID: csm
                                                                                                                                                                                                                                        • API String ID: 2542180945-1018135373
                                                                                                                                                                                                                                        • Opcode ID: a3f181e4645522ee0c5c135495326946e4810cbaa9c199b01633478fd2f3168f
                                                                                                                                                                                                                                        • Instruction ID: e81dc3e4c8d7ec15886b7e969132db6a7010c24bd157b4f2f37f068e0fcc4591
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a3f181e4645522ee0c5c135495326946e4810cbaa9c199b01633478fd2f3168f
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 05F0E2B7609B84CAE7149F25E8944AC37A5F748BACB595120FA4D47B55CF38D8A08380
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: __current_exception__current_exception_contextterminate
                                                                                                                                                                                                                                        • String ID: csm
                                                                                                                                                                                                                                        • API String ID: 2542180945-1018135373
                                                                                                                                                                                                                                        • Opcode ID: 3b4c1db84a87a6fdb22006f661c73e75c067a881438bcbb587b3e6fc569e0f3a
                                                                                                                                                                                                                                        • Instruction ID: fe0b52944ac3f82835c2f12182288e99dc64ce526a317b3d3df1e64fcafa7896
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3b4c1db84a87a6fdb22006f661c73e75c067a881438bcbb587b3e6fc569e0f3a
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A3F036B290C94A87E7255F39E1890AD27E2FB48B58F744431D74847645DF3CD8B1C781
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1428397998.00007FFB1BB11000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428322371.00007FFB1BB10000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428424791.00007FFB1BB17000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428449778.00007FFB1BB1C000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428581969.00007FFB1BB1E000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bb10000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: D_typeDeallocFormatFromJ_nid2lnUnicode_X_md
                                                                                                                                                                                                                                        • String ID: <%U %s object @ %p>
                                                                                                                                                                                                                                        • API String ID: 2860719311-1790359138
                                                                                                                                                                                                                                        • Opcode ID: 1b18d0cf9a22bb62dfafc906c3ab7905fdebac55b34ed4e407516752b1c75b05
                                                                                                                                                                                                                                        • Instruction ID: ee2e54c3cd7ce3dd62864d9001a64f89ae49a87dcda1826a78961904338d2025
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1b18d0cf9a22bb62dfafc906c3ab7905fdebac55b34ed4e407516752b1c75b05
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 65F06DE5A1AE42C1DE348B63F90427A6262FF48FE4B14A035DD0D07B74DE2CE041C340
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424444971.00007FFB0BE40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424482051.00007FFB0BE4D000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424502993.00007FFB0BE5E000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424521434.00007FFB0BE5F000.00000008.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424540000.00007FFB0BE64000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424594066.00007FFB0BE65000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: DecodeErr_O_ctrlStringUnicode_
                                                                                                                                                                                                                                        • String ID: Not a memory BIO
                                                                                                                                                                                                                                        • API String ID: 3520065620-587638661
                                                                                                                                                                                                                                        • Opcode ID: 5367da3e2ef3d21045a492ce5848ae757d26fe0a781568698f1fa2f133f89e93
                                                                                                                                                                                                                                        • Instruction ID: dc17c937dd6685723f09e9ac708d54f9e6904fc176e755b7457e6b7b9e946e31
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5367da3e2ef3d21045a492ce5848ae757d26fe0a781568698f1fa2f133f89e93
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B5F01DA1B2A64282EB488B71E854B752364EF84B81F45D831DD0FC6674DF7CD4488700
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424444971.00007FFB0BE40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424482051.00007FFB0BE4D000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424502993.00007FFB0BE5E000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424521434.00007FFB0BE5F000.00000008.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424540000.00007FFB0BE64000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424594066.00007FFB0BE65000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: L_get_versionL_is_init_finishedstrcmp
                                                                                                                                                                                                                                        • String ID: unknown
                                                                                                                                                                                                                                        • API String ID: 1061301088-2904991687
                                                                                                                                                                                                                                        • Opcode ID: f533d49d98b3f4fe84e75046a9198fe4e3fb962f824e9c1164a3374f8e08a3f1
                                                                                                                                                                                                                                        • Instruction ID: 1a0eac296b80baebf9714ab9c9a546ba41db3455b3e1660986ed02d680835c74
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f533d49d98b3f4fe84e75046a9198fe4e3fb962f824e9c1164a3374f8e08a3f1
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0DF0FE95F0950681EE1D8F76D89197513A0DF58B44B089931CD1FC6275EF2CE891D200
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: From$CharStringUnicode_Widewsprintf
                                                                                                                                                                                                                                        • String ID: IID('%ws')
                                                                                                                                                                                                                                        • API String ID: 3341265217-2301737843
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.1428397998.00007FFB1BB11000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFB1BB10000, based on PE: true
• Associated: 00000002.00000002.1428322371.00007FFB1BB10000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.1428424791.00007FFB1BB17000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.1428449778.00007FFB1BB1C000.00000004.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.1428581969.00007FFB1BB1E000.00000002.00000001.01000000.00000016.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffb1bb10000_discord.jbxd
Similarity
• API ID: D_typeDeallocFormatFromJ_nid2lnUnicode_X_get_md
• String ID: <%U HMAC object @ %p>
• API String ID: 3107003933-749664232
APIs
Strings
• llll;RECT must be a tuple of 4 ints (left, top, right, bottom), xrefs: 00007FFB1C4FD02E
• RECT must be a tuple of 4 ints (left, top, right, bottom), xrefs: 00007FFB1C4FCFFE
Memory Dump Source
• Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
• Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
Similarity
• API ID: Arg_Err_ParseSizeStringTuple_
• String ID: RECT must be a tuple of 4 ints (left, top, right, bottom)$llll;RECT must be a tuple of 4 ints (left, top, right, bottom)
• API String ID: 4247878537-1420951713
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.1428397998.00007FFB1BB11000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFB1BB10000, based on PE: true
• Associated: 00000002.00000002.1428322371.00007FFB1BB10000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.1428424791.00007FFB1BB17000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.1428449778.00007FFB1BB1C000.00000004.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.1428581969.00007FFB1BB1E000.00000002.00000001.01000000.00000016.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffb1bb10000_discord.jbxd
Similarity
• API ID: D_typeDeallocFormatFromJ_nid2lnUnicode_X_get_md
• String ID: hmac-%U
• API String ID: 3107003933-3757664071
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
• Associated: 00000002.00000002.1424444971.00007FFB0BE40000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424482051.00007FFB0BE4D000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424502993.00007FFB0BE5E000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424521434.00007FFB0BE5F000.00000008.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424540000.00007FFB0BE64000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424594066.00007FFB0BE65000.00000002.00000001.01000000.00000013.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
Similarity
• API ID: String$Bytes_Err_FromO_ctrlSize
• String ID: Not a memory BIO
• API String ID: 2349510700-587638661
APIs
Memory Dump Source
• Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
• Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
Similarity
• API ID: Err_FreeMem_Memoryfreemalloc
• String ID:
• API String ID: 182096997-0
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424444971.00007FFB0BE40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424482051.00007FFB0BE4D000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424502993.00007FFB0BE5E000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424521434.00007FFB0BE5F000.00000008.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424540000.00007FFB0BE64000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424594066.00007FFB0BE65000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: memset$Referencemalloc
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 3353409452-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424444971.00007FFB0BE40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424482051.00007FFB0BE4D000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424502993.00007FFB0BE5E000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424521434.00007FFB0BE5F000.00000008.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424540000.00007FFB0BE64000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424594066.00007FFB0BE65000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Eval_Thread$ErrorFromL_get_errorL_pendingLastLongLong_R_clear_errorR_peek_last_errorRestoreSave_errno
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 1598009871-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1428397998.00007FFB1BB11000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428322371.00007FFB1BB10000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428424791.00007FFB1BB17000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428449778.00007FFB1BB1C000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428581969.00007FFB1BB1E000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bb10000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_MemoryX_new
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 1734961617-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: CopyLengthReferencemalloc
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 3624451276-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: memset$Referencemalloc
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 3353409452-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • HMAC_CTX_new.LIBCRYPTO-1_1 ref: 00007FFB1BB15329
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB1614C: PyThread_acquire_lock.PYTHON311(?,?,?,00007FFB1BB15342), ref: 00007FFB1BB1616C
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB1614C: PyEval_SaveThread.PYTHON311(?,?,?,00007FFB1BB15342), ref: 00007FFB1BB16176
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB1614C: PyThread_acquire_lock.PYTHON311(?,?,?,00007FFB1BB15342), ref: 00007FFB1BB16188
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB1614C: PyEval_RestoreThread.PYTHON311(?,?,?,00007FFB1BB15342), ref: 00007FFB1BB16191
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB1614C: HMAC_CTX_copy.LIBCRYPTO-1_1(?,?,?,00007FFB1BB15342), ref: 00007FFB1BB1619E
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB1614C: PyThread_release_lock.PYTHON311(?,?,?,00007FFB1BB15342), ref: 00007FFB1BB161AF
                                                                                                                                                                                                                                        • HMAC_CTX_free.LIBCRYPTO-1_1 ref: 00007FFB1BB15349
                                                                                                                                                                                                                                        • _PyObject_New.PYTHON311 ref: 00007FFB1BB15366
                                                                                                                                                                                                                                        • HMAC_CTX_free.LIBCRYPTO-1_1 ref: 00007FFB1BB15374
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1428397998.00007FFB1BB11000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428322371.00007FFB1BB10000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428424791.00007FFB1BB17000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428449778.00007FFB1BB1C000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428581969.00007FFB1BB1E000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bb10000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Eval_ThreadThread_acquire_lockX_free$Object_RestoreSaveThread_release_lockX_copyX_new
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 601750000-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Referencemallocmemcpymemset
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 1282408338-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1428397998.00007FFB1BB11000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428322371.00007FFB1BB10000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428424791.00007FFB1BB17000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428449778.00007FFB1BB1C000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428581969.00007FFB1BB1E000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bb10000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: D_typeJ_nid2lnJ_nid2snX_md
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 1665016204-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: DescriptorSecurityfree$InitializeLengthReferencemalloc
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 2992339461-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: InitializeReferencemallocmemset
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 306314696-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424444971.00007FFB0BE40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424482051.00007FFB0BE4D000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424502993.00007FFB0BE5E000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424521434.00007FFB0BE5F000.00000008.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424540000.00007FFB0BE64000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424594066.00007FFB0BE65000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: P_get_type$J_nid2snL_get_current_compression
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 142675065-0
APIs
Memory Dump Source
• Source File: 00000002.00000002.1428397998.00007FFB1BB11000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFB1BB10000, based on PE: true
• Associated: 00000002.00000002.1428322371.00007FFB1BB10000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.1428424791.00007FFB1BB17000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.1428449778.00007FFB1BB1C000.00000004.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.1428581969.00007FFB1BB1E000.00000002.00000001.01000000.00000016.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffb1bb10000_discord.jbxd
Similarity
• API ID: Err_OccurredR_clear_errorR_peek_last_errorS_mode
• String ID:
• API String ID: 744735716-0
APIs
Memory Dump Source
• Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
• Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
Similarity
• API ID: CopyLengthReferencemalloc
• String ID:
• API String ID: 3624451276-0
APIs
Memory Dump Source
• Source File: 00000002.00000002.1428397998.00007FFB1BB11000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFB1BB10000, based on PE: true
• Associated: 00000002.00000002.1428322371.00007FFB1BB10000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.1428424791.00007FFB1BB17000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.1428449778.00007FFB1BB1C000.00000004.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.1428581969.00007FFB1BB1E000.00000002.00000001.01000000.00000016.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffb1bb10000_discord.jbxd
Similarity
• API ID: DeallocErr_MemoryObject_X_new
• String ID:
• API String ID: 30467670-0
APIs
Memory Dump Source
• Source File: 00000002.00000002.1428397998.00007FFB1BB11000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFB1BB10000, based on PE: true
• Associated: 00000002.00000002.1428322371.00007FFB1BB10000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.1428424791.00007FFB1BB17000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.1428449778.00007FFB1BB1C000.00000004.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.1428581969.00007FFB1BB1E000.00000002.00000001.01000000.00000016.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffb1bb10000_discord.jbxd
Similarity
• API ID: FreeObject_Thread_free_lockX_free
• String ID:
• API String ID: 3834077558-0
APIs
Memory Dump Source
• Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
• Associated: 00000002.00000002.1424444971.00007FFB0BE40000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424482051.00007FFB0BE4D000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424502993.00007FFB0BE5E000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424521434.00007FFB0BE5F000.00000008.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424540000.00007FFB0BE64000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424594066.00007FFB0BE65000.00000002.00000001.01000000.00000013.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
Similarity
• API ID: Dealloc$Eval_Thread$FreeMem_O_free_allObject_RestoreSaveTrackX_free
• String ID:
• API String ID: 3459953665-0
APIs
Memory Dump Source
• Source File: 00000002.00000002.1428397998.00007FFB1BB11000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFB1BB10000, based on PE: true
• Associated: 00000002.00000002.1428322371.00007FFB1BB10000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.1428424791.00007FFB1BB17000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.1428449778.00007FFB1BB1C000.00000004.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.1428581969.00007FFB1BB1E000.00000002.00000001.01000000.00000016.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffb1bb10000_discord.jbxd
Similarity
• API ID: DeallocFreeObject_Thread_free_lockX_free
• String ID:
• API String ID: 133976240-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Value$DeleteFreeLocalState_Thread
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 3706641815-0
                                                                                                                                                                                                                                        • Opcode ID: 611290ba497292ec3218eede81cda6d90162ed3bf88b5678e9778ee20dbc5caf
                                                                                                                                                                                                                                        • Instruction ID: 568d9b70cd407fb32f655ba36914e7445260ff126d3461ab7df34ee5ed483734
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 611290ba497292ec3218eede81cda6d90162ed3bf88b5678e9778ee20dbc5caf
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 58F01CE4A09E02C2F7859B35E89D3B523A2AFD8775F245034C90A023A1CF3CA8A8C700
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • PyObject_IsTrue.PYTHON311 ref: 00007FFB1BB131EB
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: PyModule_GetState.PYTHON311 ref: 00007FFB1BB1105E
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: _Py_hashtable_get.PYTHON311 ref: 00007FFB1BB1106B
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_MD_flags.LIBCRYPTO-1_1 ref: 00007FFB1BB1109F
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: PyModule_GetState.PYTHON311 ref: 00007FFB1BB110B0
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: _PyObject_New.PYTHON311 ref: 00007FFB1BB110B9
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_MD_CTX_new.LIBCRYPTO-1_1 ref: 00007FFB1BB110CB
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_DigestInit_ex.LIBCRYPTO-1_1 ref: 00007FFB1BB110F3
                                                                                                                                                                                                                                        • _PyArg_UnpackKeywords.PYTHON311 ref: 00007FFB1BB1323B
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1428397998.00007FFB1BB11000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428322371.00007FFB1BB10000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428424791.00007FFB1BB17000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428449778.00007FFB1BB1C000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428581969.00007FFB1BB1E000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bb10000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Module_Object_State$Arg_D_flagsDigestInit_exKeywordsPy_hashtable_getTrueUnpackX_new
                                                                                                                                                                                                                                        • String ID: sha3_384
                                                                                                                                                                                                                                        • API String ID: 3901364687-1508202818
                                                                                                                                                                                                                                        • Opcode ID: c05d9b5ca4baea7067cd81390f9ef12fc2eecd2dfd4707e293b0976e7dc57fda
                                                                                                                                                                                                                                        • Instruction ID: b86c94fa5abe5b93cb1c74437ca108081299ad43e51588cb5a169382f15bc634
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c05d9b5ca4baea7067cd81390f9ef12fc2eecd2dfd4707e293b0976e7dc57fda
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FC21C1BAA09F41D1EA308B22F44476A62A5FF44BE4F189130DE4D43B24EF3DD9018740
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • PyObject_IsTrue.PYTHON311 ref: 00007FFB1BB1310B
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: PyModule_GetState.PYTHON311 ref: 00007FFB1BB1105E
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: _Py_hashtable_get.PYTHON311 ref: 00007FFB1BB1106B
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_MD_flags.LIBCRYPTO-1_1 ref: 00007FFB1BB1109F
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: PyModule_GetState.PYTHON311 ref: 00007FFB1BB110B0
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: _PyObject_New.PYTHON311 ref: 00007FFB1BB110B9
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_MD_CTX_new.LIBCRYPTO-1_1 ref: 00007FFB1BB110CB
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_DigestInit_ex.LIBCRYPTO-1_1 ref: 00007FFB1BB110F3
                                                                                                                                                                                                                                        • _PyArg_UnpackKeywords.PYTHON311 ref: 00007FFB1BB1315B
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1428397998.00007FFB1BB11000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428322371.00007FFB1BB10000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428424791.00007FFB1BB17000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428449778.00007FFB1BB1C000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428581969.00007FFB1BB1E000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bb10000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Module_Object_State$Arg_D_flagsDigestInit_exKeywordsPy_hashtable_getTrueUnpackX_new
                                                                                                                                                                                                                                        • String ID: sha3_512
                                                                                                                                                                                                                                        • API String ID: 3901364687-1707686796
                                                                                                                                                                                                                                        • Opcode ID: d16c04addce6f66d4f2438667e7bbd4895a5adaab382c19a349aff2298bc2ae2
                                                                                                                                                                                                                                        • Instruction ID: 7d1d1714f3e27a98e63f599f66ad49802692c644d9722d10657f8af9e0619053
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d16c04addce6f66d4f2438667e7bbd4895a5adaab382c19a349aff2298bc2ae2
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D821A1B9A09F51D5EA70CB22F48476B62A9FB48BE4F189131DE4D43B64EF3DD9018700
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • PyObject_IsTrue.PYTHON311 ref: 00007FFB1BB133AB
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: PyModule_GetState.PYTHON311 ref: 00007FFB1BB1105E
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: _Py_hashtable_get.PYTHON311 ref: 00007FFB1BB1106B
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_MD_flags.LIBCRYPTO-1_1 ref: 00007FFB1BB1109F
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: PyModule_GetState.PYTHON311 ref: 00007FFB1BB110B0
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: _PyObject_New.PYTHON311 ref: 00007FFB1BB110B9
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_MD_CTX_new.LIBCRYPTO-1_1 ref: 00007FFB1BB110CB
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_DigestInit_ex.LIBCRYPTO-1_1 ref: 00007FFB1BB110F3
                                                                                                                                                                                                                                        • _PyArg_UnpackKeywords.PYTHON311 ref: 00007FFB1BB133FB
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1428397998.00007FFB1BB11000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428322371.00007FFB1BB10000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428424791.00007FFB1BB17000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428449778.00007FFB1BB1C000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428581969.00007FFB1BB1E000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bb10000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Module_Object_State$Arg_D_flagsDigestInit_exKeywordsPy_hashtable_getTrueUnpackX_new
                                                                                                                                                                                                                                        • String ID: sha3_224
                                                                                                                                                                                                                                        • API String ID: 3901364687-2731072511
                                                                                                                                                                                                                                        • Opcode ID: 86b8507f8dde06a652c00e72663fc86a5d63b9b8f27809a689163794b7f0935f
                                                                                                                                                                                                                                        • Instruction ID: ca0e71869c06e0103ea854938a7a0b0b8b5e138a3011fa2d5bc4c24b9431730e
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 86b8507f8dde06a652c00e72663fc86a5d63b9b8f27809a689163794b7f0935f
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7D21D3B9A0AF41D6EA30CB22F48036A6295FB44BE4F189130DE4D43B64EF3CD9418744
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • PyObject_IsTrue.PYTHON311 ref: 00007FFB1BB12CAB
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: PyModule_GetState.PYTHON311 ref: 00007FFB1BB1105E
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: _Py_hashtable_get.PYTHON311 ref: 00007FFB1BB1106B
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_MD_flags.LIBCRYPTO-1_1 ref: 00007FFB1BB1109F
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: PyModule_GetState.PYTHON311 ref: 00007FFB1BB110B0
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: _PyObject_New.PYTHON311 ref: 00007FFB1BB110B9
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_MD_CTX_new.LIBCRYPTO-1_1 ref: 00007FFB1BB110CB
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_DigestInit_ex.LIBCRYPTO-1_1 ref: 00007FFB1BB110F3
                                                                                                                                                                                                                                        • _PyArg_UnpackKeywords.PYTHON311 ref: 00007FFB1BB12CFB
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1428397998.00007FFB1BB11000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428322371.00007FFB1BB10000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428424791.00007FFB1BB17000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428449778.00007FFB1BB1C000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428581969.00007FFB1BB1E000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bb10000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Module_Object_State$Arg_D_flagsDigestInit_exKeywordsPy_hashtable_getTrueUnpackX_new
                                                                                                                                                                                                                                        • String ID: md5
                                                                                                                                                                                                                                        • API String ID: 3901364687-3899452385
                                                                                                                                                                                                                                        • Opcode ID: b0a43a908fe11f445924265852000c49cc134fcf93b8e95373043c45d6529b64
                                                                                                                                                                                                                                        • Instruction ID: b94e6296699181e4b958a0c027280cdb3fb2a24aaa78ac95b47558cc1436b917
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b0a43a908fe11f445924265852000c49cc134fcf93b8e95373043c45d6529b64
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DB21AFFAA08F51C6EA708B22F44076A62A5FB48BD4F189130DE4D47B64EFBCD9418740
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • PyObject_IsTrue.PYTHON311 ref: 00007FFB1BB132CB
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: PyModule_GetState.PYTHON311 ref: 00007FFB1BB1105E
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: _Py_hashtable_get.PYTHON311 ref: 00007FFB1BB1106B
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_MD_flags.LIBCRYPTO-1_1 ref: 00007FFB1BB1109F
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: PyModule_GetState.PYTHON311 ref: 00007FFB1BB110B0
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: _PyObject_New.PYTHON311 ref: 00007FFB1BB110B9
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_MD_CTX_new.LIBCRYPTO-1_1 ref: 00007FFB1BB110CB
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_DigestInit_ex.LIBCRYPTO-1_1 ref: 00007FFB1BB110F3
                                                                                                                                                                                                                                        • _PyArg_UnpackKeywords.PYTHON311 ref: 00007FFB1BB1331B
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1428397998.00007FFB1BB11000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428322371.00007FFB1BB10000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428424791.00007FFB1BB17000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428449778.00007FFB1BB1C000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428581969.00007FFB1BB1E000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bb10000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Module_Object_State$Arg_D_flagsDigestInit_exKeywordsPy_hashtable_getTrueUnpackX_new
                                                                                                                                                                                                                                        • String ID: sha3_256
                                                                                                                                                                                                                                        • API String ID: 3901364687-59190292
                                                                                                                                                                                                                                        • Opcode ID: d9102915bb7c23d8821872469e40a3ac6882c7602c431fa9ced1bd26f0249f2c
                                                                                                                                                                                                                                        • Instruction ID: 9f68651aa7950b3aba465691c921c7f3f3a4125f9f67740297d4976254181516
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d9102915bb7c23d8821872469e40a3ac6882c7602c431fa9ced1bd26f0249f2c
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BF21C1B9B09F41D6EA70DB22F44036A6295FB48BE4F189134DE4D43B64EF3CD8018780
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • PyObject_IsTrue.PYTHON311 ref: 00007FFB1BB12BCB
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: PyModule_GetState.PYTHON311 ref: 00007FFB1BB1105E
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: _Py_hashtable_get.PYTHON311 ref: 00007FFB1BB1106B
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_MD_flags.LIBCRYPTO-1_1 ref: 00007FFB1BB1109F
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: PyModule_GetState.PYTHON311 ref: 00007FFB1BB110B0
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: _PyObject_New.PYTHON311 ref: 00007FFB1BB110B9
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_MD_CTX_new.LIBCRYPTO-1_1 ref: 00007FFB1BB110CB
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_DigestInit_ex.LIBCRYPTO-1_1 ref: 00007FFB1BB110F3
                                                                                                                                                                                                                                        • _PyArg_UnpackKeywords.PYTHON311 ref: 00007FFB1BB12C1B
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1428397998.00007FFB1BB11000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428322371.00007FFB1BB10000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428424791.00007FFB1BB17000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428449778.00007FFB1BB1C000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428581969.00007FFB1BB1E000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bb10000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Module_Object_State$Arg_D_flagsDigestInit_exKeywordsPy_hashtable_getTrueUnpackX_new
                                                                                                                                                                                                                                        • String ID: sha256
                                                                                                                                                                                                                                        • API String ID: 3901364687-1556616439
                                                                                                                                                                                                                                        • Opcode ID: 16eb715f2b34ec32a109569f5e6e7846f212689505c58d74da9e653fe82bfef9
                                                                                                                                                                                                                                        • Instruction ID: 8f2074954c60c319fd16ce428904135474c595b5e93a17ab1e12f4315b470151
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 16eb715f2b34ec32a109569f5e6e7846f212689505c58d74da9e653fe82bfef9
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 11217AEAA09F52C6EA608F22F8447AB62A5FB48BE4F18D135DE4D43B64DF3CD5418740
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • PyObject_IsTrue.PYTHON311 ref: 00007FFB1BB12E6B
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: PyModule_GetState.PYTHON311 ref: 00007FFB1BB1105E
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: _Py_hashtable_get.PYTHON311 ref: 00007FFB1BB1106B
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_MD_flags.LIBCRYPTO-1_1 ref: 00007FFB1BB1109F
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: PyModule_GetState.PYTHON311 ref: 00007FFB1BB110B0
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: _PyObject_New.PYTHON311 ref: 00007FFB1BB110B9
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_MD_CTX_new.LIBCRYPTO-1_1 ref: 00007FFB1BB110CB
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_DigestInit_ex.LIBCRYPTO-1_1 ref: 00007FFB1BB110F3
                                                                                                                                                                                                                                        • _PyArg_UnpackKeywords.PYTHON311 ref: 00007FFB1BB12EBB
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1428397998.00007FFB1BB11000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428322371.00007FFB1BB10000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428424791.00007FFB1BB17000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428449778.00007FFB1BB1C000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428581969.00007FFB1BB1E000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bb10000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Module_Object_State$Arg_D_flagsDigestInit_exKeywordsPy_hashtable_getTrueUnpackX_new
                                                                                                                                                                                                                                        • String ID: sha512
                                                                                                                                                                                                                                        • API String ID: 3901364687-981861231
                                                                                                                                                                                                                                        • Opcode ID: c6e9fd8f78bb77cda9edf7c059f598b55c02ee24cae54d1cfeaaa67e96ede4e6
                                                                                                                                                                                                                                        • Instruction ID: 978658954722ee195cec58eabf8d497e8be44a76009b1a3b51504b8a0048ae2c
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c6e9fd8f78bb77cda9edf7c059f598b55c02ee24cae54d1cfeaaa67e96ede4e6
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B4215EFAA08F41C5EA75CB22F40476A6295FB48BE4F18A134DE4D47B64DF3CD5418740
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • PyObject_IsTrue.PYTHON311 ref: 00007FFB1BB1356B
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: PyModule_GetState.PYTHON311 ref: 00007FFB1BB1105E
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: _Py_hashtable_get.PYTHON311 ref: 00007FFB1BB1106B
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_MD_flags.LIBCRYPTO-1_1 ref: 00007FFB1BB1109F
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: PyModule_GetState.PYTHON311 ref: 00007FFB1BB110B0
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: _PyObject_New.PYTHON311 ref: 00007FFB1BB110B9
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_MD_CTX_new.LIBCRYPTO-1_1 ref: 00007FFB1BB110CB
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_DigestInit_ex.LIBCRYPTO-1_1 ref: 00007FFB1BB110F3
                                                                                                                                                                                                                                        • _PyArg_UnpackKeywords.PYTHON311 ref: 00007FFB1BB135BB
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1428397998.00007FFB1BB11000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428322371.00007FFB1BB10000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428424791.00007FFB1BB17000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428449778.00007FFB1BB1C000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428581969.00007FFB1BB1E000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bb10000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Module_Object_State$Arg_D_flagsDigestInit_exKeywordsPy_hashtable_getTrueUnpackX_new
                                                                                                                                                                                                                                        • String ID: shake_128
                                                                                                                                                                                                                                        • API String ID: 3901364687-1102867705
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • PyObject_IsTrue.PYTHON311 ref: 00007FFB1BB12D8B
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: PyModule_GetState.PYTHON311 ref: 00007FFB1BB1105E
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: _Py_hashtable_get.PYTHON311 ref: 00007FFB1BB1106B
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_MD_flags.LIBCRYPTO-1_1 ref: 00007FFB1BB1109F
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: PyModule_GetState.PYTHON311 ref: 00007FFB1BB110B0
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: _PyObject_New.PYTHON311 ref: 00007FFB1BB110B9
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_MD_CTX_new.LIBCRYPTO-1_1 ref: 00007FFB1BB110CB
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_DigestInit_ex.LIBCRYPTO-1_1 ref: 00007FFB1BB110F3
                                                                                                                                                                                                                                        • _PyArg_UnpackKeywords.PYTHON311 ref: 00007FFB1BB12DDB
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1428397998.00007FFB1BB11000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428322371.00007FFB1BB10000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428424791.00007FFB1BB17000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428449778.00007FFB1BB1C000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428581969.00007FFB1BB1E000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bb10000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Module_Object_State$Arg_D_flagsDigestInit_exKeywordsPy_hashtable_getTrueUnpackX_new
                                                                                                                                                                                                                                        • String ID: sha1
                                                                                                                                                                                                                                        • API String ID: 3901364687-858918954
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • PyObject_IsTrue.PYTHON311 ref: 00007FFB1BB1348B
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: PyModule_GetState.PYTHON311 ref: 00007FFB1BB1105E
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: _Py_hashtable_get.PYTHON311 ref: 00007FFB1BB1106B
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_MD_flags.LIBCRYPTO-1_1 ref: 00007FFB1BB1109F
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: PyModule_GetState.PYTHON311 ref: 00007FFB1BB110B0
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: _PyObject_New.PYTHON311 ref: 00007FFB1BB110B9
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_MD_CTX_new.LIBCRYPTO-1_1 ref: 00007FFB1BB110CB
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_DigestInit_ex.LIBCRYPTO-1_1 ref: 00007FFB1BB110F3
                                                                                                                                                                                                                                        • _PyArg_UnpackKeywords.PYTHON311 ref: 00007FFB1BB134DB
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1428397998.00007FFB1BB11000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428322371.00007FFB1BB10000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428424791.00007FFB1BB17000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428449778.00007FFB1BB1C000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428581969.00007FFB1BB1E000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bb10000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Module_Object_State$Arg_D_flagsDigestInit_exKeywordsPy_hashtable_getTrueUnpackX_new
                                                                                                                                                                                                                                        • String ID: shake_256
                                                                                                                                                                                                                                        • API String ID: 3901364687-3942869344
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • PyObject_IsTrue.PYTHON311 ref: 00007FFB1BB1302B
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: PyModule_GetState.PYTHON311 ref: 00007FFB1BB1105E
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: _Py_hashtable_get.PYTHON311 ref: 00007FFB1BB1106B
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_MD_flags.LIBCRYPTO-1_1 ref: 00007FFB1BB1109F
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: PyModule_GetState.PYTHON311 ref: 00007FFB1BB110B0
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: _PyObject_New.PYTHON311 ref: 00007FFB1BB110B9
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_MD_CTX_new.LIBCRYPTO-1_1 ref: 00007FFB1BB110CB
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_DigestInit_ex.LIBCRYPTO-1_1 ref: 00007FFB1BB110F3
                                                                                                                                                                                                                                        • _PyArg_UnpackKeywords.PYTHON311 ref: 00007FFB1BB1307B
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1428397998.00007FFB1BB11000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428322371.00007FFB1BB10000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428424791.00007FFB1BB17000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428449778.00007FFB1BB1C000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428581969.00007FFB1BB1E000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bb10000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Module_Object_State$Arg_D_flagsDigestInit_exKeywordsPy_hashtable_getTrueUnpackX_new
                                                                                                                                                                                                                                        • String ID: sha224
                                                                                                                                                                                                                                        • API String ID: 3901364687-4253541148
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • PyObject_IsTrue.PYTHON311 ref: 00007FFB1BB12F4B
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: PyModule_GetState.PYTHON311 ref: 00007FFB1BB1105E
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: _Py_hashtable_get.PYTHON311 ref: 00007FFB1BB1106B
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_MD_flags.LIBCRYPTO-1_1 ref: 00007FFB1BB1109F
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: PyModule_GetState.PYTHON311 ref: 00007FFB1BB110B0
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: _PyObject_New.PYTHON311 ref: 00007FFB1BB110B9
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_MD_CTX_new.LIBCRYPTO-1_1 ref: 00007FFB1BB110CB
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_DigestInit_ex.LIBCRYPTO-1_1 ref: 00007FFB1BB110F3
                                                                                                                                                                                                                                        • _PyArg_UnpackKeywords.PYTHON311 ref: 00007FFB1BB12F9B
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1428397998.00007FFB1BB11000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428322371.00007FFB1BB10000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428424791.00007FFB1BB17000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428449778.00007FFB1BB1C000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1428581969.00007FFB1BB1E000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bb10000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Module_Object_State$Arg_D_flagsDigestInit_exKeywordsPy_hashtable_getTrueUnpackX_new
                                                                                                                                                                                                                                        • String ID: sha384
                                                                                                                                                                                                                                        • API String ID: 3901364687-111829409
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424444971.00007FFB0BE40000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424482051.00007FFB0BE4D000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424502993.00007FFB0BE5E000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424521434.00007FFB0BE5F000.00000008.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424540000.00007FFB0BE64000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1424594066.00007FFB0BE65000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Arg_FreeMem_Parse_Size
                                                                                                                                                                                                                                        • String ID: ascii
                                                                                                                                                                                                                                        • API String ID: 2971325497-3510295289
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4F9840: PyImport_ImportModule.PYTHON311 ref: 00007FFB1C4F9861
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4F9840: PyObject_GetAttrString.PYTHON311 ref: 00007FFB1C4F987D
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4F9840: _Py_Dealloc.PYTHON311 ref: 00007FFB1C4F988F
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4F9840: PyTuple_New.PYTHON311 ref: 00007FFB1C4F989C
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4F9840: PyObject_CallMethod.PYTHON311 ref: 00007FFB1C4F98BB
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4F9840: _Py_Dealloc.PYTHON311 ref: 00007FFB1C4F98D1
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4F9840: _Py_Dealloc.PYTHON311 ref: 00007FFB1C4F98E7
                                                                                                                                                                                                                                        • PyObject_GetAttrString.PYTHON311(?,?,?,?,?,?,?,?,?,00007FFB1C4F99ED), ref: 00007FFB1C4FA1B4
                                                                                                                                                                                                                                        • _Py_Dealloc.PYTHON311(?,?,?,?,?,?,?,?,?,00007FFB1C4F99ED), ref: 00007FFB1C4FA213
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Dealloc$Object_$AttrString$CallImportImport_MethodModuleTuple_
                                                                                                                                                                                                                                        • String ID: max
                                                                                                                                                                                                                                        • API String ID: 66079785-2641765001
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • PyArg_ParseTuple.PYTHON311 ref: 00007FFB1C4F9982
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4F6350: PyLong_AsLongLong.PYTHON311 ref: 00007FFB1C4F6375
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4F6350: PyErr_Occurred.PYTHON311 ref: 00007FFB1C4F6384
                                                                                                                                                                                                                                        • FileTimeToSystemTime.KERNEL32 ref: 00007FFB1C4F99B9
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FC0A0: GetLastError.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFB1C4F786D,?,?,00000000,00007FFB1C4F7BE2,?,?,?,00007FFB1C4F1911), ref: 00007FFB1C4FC0BB
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FC0A0: FormatMessageW.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFB1C4F786D,?,?,00000000,00007FFB1C4F7BE2,?,?,?,00007FFB1C4F1911), ref: 00007FFB1C4FC12A
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FC0A0: PyUnicode_DecodeMBCS.PYTHON311(?,?,?,?,?,00000000,00000000,00007FFB1C4F786D,?,?,00000000,00007FFB1C4F7BE2,?,?,?,00007FFB1C4F1911), ref: 00007FFB1C4FC1FB
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FC0A0: _Py_BuildValue_SizeT.PYTHON311(?,?,?,?,?,00000000,00000000,00007FFB1C4F786D,?,?,00000000,00007FFB1C4F7BE2,?,?,?,00007FFB1C4F1911), ref: 00007FFB1C4FC210
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FC0A0: LocalFree.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFB1C4F786D,?,?,00000000,00007FFB1C4F7BE2,?,?,?,00007FFB1C4F1911), ref: 00007FFB1C4FC228
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FC0A0: PyErr_SetObject.PYTHON311(?,?,?,?,?,00000000,00000000,00007FFB1C4F786D,?,?,00000000,00007FFB1C4F7BE2,?,?,?,00007FFB1C4F1911), ref: 00007FFB1C4FC23D
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FC0A0: _Py_Dealloc.PYTHON311(?,?,?,?,?,00000000,00000000,00007FFB1C4F786D,?,?,00000000,00007FFB1C4F7BE2,?,?,?,00007FFB1C4F1911), ref: 00007FFB1C4FC24C
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_LongTime$Arg_BuildDeallocDecodeErrorFileFormatFreeLastLocalLong_MessageObjectOccurredParseSizeSystemTupleUnicode_Value_
                                                                                                                                                                                                                                        • String ID: FileTimeToSystemTime
                                                                                                                                                                                                                                        • API String ID: 2951598573-1754531670
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Arg_FreeMem_Parse_Size
                                                                                                                                                                                                                                        • String ID: ascii
                                                                                                                                                                                                                                        • API String ID: 2971325497-3510295289
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Arg_ParseTuple
                                                                                                                                                                                                                                        • String ID: AddAccessAllowedObjectAce$lllOOO:AddAccessAllowedObjectAce
                                                                                                                                                                                                                                        • API String ID: 3371842430-684429688
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Arg_ParseTuple
                                                                                                                                                                                                                                        • String ID: AddAccessDeniedObjectAce$lllOOO:AddAccessDeniedObjectAce
                                                                                                                                                                                                                                        • API String ID: 3371842430-3179976129
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Arg_CheckObject_PositionalTrue
                                                                                                                                                                                                                                        • String ID: getpeercert
                                                                                                                                                                                                                                        • API String ID: 341638686-200429401
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Arg_ParseReferenceTuple
                                                                                                                                                                                                                                        • String ID: :OVERLAPPED
                                                                                                                                                                                                                                        • API String ID: 709158290-1552635527
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Arg_ParseTuple
                                                                                                                                                                                                                                        • String ID: AddAccessAllowedAceEx$lllO:AddAccessAllowedAceEx
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Arg_ParseTuple
                                                                                                                                                                                                                                        • String ID: AddAccessDeniedAceEx$lllO:AddAccessDeniedAceEx
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Arg_ParseTuple
                                                                                                                                                                                                                                        • String ID: AddMandatoryAce$kkkO:AddMandatoryAce
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FAED0: PyUnicode_AsWideCharString.PYTHON311 ref: 00007FFB1C4FAF0A
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FAED0: PyErr_SetString.PYTHON311 ref: 00007FFB1C4FAF29
                                                                                                                                                                                                                                        • PyErr_Clear.PYTHON311 ref: 00007FFB1C4FCCFC
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FCB50: PyNumber_Long.PYTHON311(?,?,?,00007FFB1C4F4F6E), ref: 00007FFB1C4FCB65
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FCB50: PyErr_Occurred.PYTHON311(?,?,?,00007FFB1C4F4F6E), ref: 00007FFB1C4FCB73
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FCB50: PyLong_AsLongLong.PYTHON311(?,?,?,00007FFB1C4F4F6E), ref: 00007FFB1C4FCB81
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FCB50: PyErr_Occurred.PYTHON311(?,?,?,00007FFB1C4F4F6E), ref: 00007FFB1C4FCB90
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FCB50: PyErr_Clear.PYTHON311(?,?,?,00007FFB1C4F4F6E), ref: 00007FFB1C4FCB9B
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FCB50: PyLong_AsUnsignedLongLong.PYTHON311(?,?,?,00007FFB1C4F4F6E), ref: 00007FFB1C4FCBA4
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FCB50: PyErr_Occurred.PYTHON311(?,?,?,00007FFB1C4F4F6E), ref: 00007FFB1C4FCBB3
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FCB50: _Py_Dealloc.PYTHON311(?,?,?,00007FFB1C4F4F6E), ref: 00007FFB1C4FCBC7
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FCB50: PyErr_Format.PYTHON311(?,?,?,00007FFB1C4F4F6E), ref: 00007FFB1C4FCBE6
                                                                                                                                                                                                                                        • PyErr_SetString.PYTHON311 ref: 00007FFB1C4FCD32
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        • Resource id/name must be unicode or int in the range 0-65536, xrefs: 00007FFB1C4FCD21
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_$Long$OccurredString$ClearLong_$CharDeallocFormatNumber_Unicode_UnsignedWide
                                                                                                                                                                                                                                        • String ID: Resource id/name must be unicode or int in the range 0-65536
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FAAE0: PyErr_SetString.PYTHON311 ref: 00007FFB1C4FAB1F
                                                                                                                                                                                                                                        • PyErr_Clear.PYTHON311 ref: 00007FFB1C4FCC5C
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FCB50: PyNumber_Long.PYTHON311(?,?,?,00007FFB1C4F4F6E), ref: 00007FFB1C4FCB65
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FCB50: PyErr_Occurred.PYTHON311(?,?,?,00007FFB1C4F4F6E), ref: 00007FFB1C4FCB73
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FCB50: PyLong_AsLongLong.PYTHON311(?,?,?,00007FFB1C4F4F6E), ref: 00007FFB1C4FCB81
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FCB50: PyErr_Occurred.PYTHON311(?,?,?,00007FFB1C4F4F6E), ref: 00007FFB1C4FCB90
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FCB50: PyErr_Clear.PYTHON311(?,?,?,00007FFB1C4F4F6E), ref: 00007FFB1C4FCB9B
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FCB50: PyLong_AsUnsignedLongLong.PYTHON311(?,?,?,00007FFB1C4F4F6E), ref: 00007FFB1C4FCBA4
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FCB50: PyErr_Occurred.PYTHON311(?,?,?,00007FFB1C4F4F6E), ref: 00007FFB1C4FCBB3
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FCB50: _Py_Dealloc.PYTHON311(?,?,?,00007FFB1C4F4F6E), ref: 00007FFB1C4FCBC7
                                                                                                                                                                                                                                          • Part of subcall function 00007FFB1C4FCB50: PyErr_Format.PYTHON311(?,?,?,00007FFB1C4F4F6E), ref: 00007FFB1C4FCBE6
                                                                                                                                                                                                                                        • PyErr_SetString.PYTHON311 ref: 00007FFB1C4FCC92
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        • Resource id/name must be string or int in the range 0-65536, xrefs: 00007FFB1C4FCC81
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_$Long$Occurred$ClearLong_String$DeallocFormatNumber_Unsigned
                                                                                                                                                                                                                                        • String ID: Resource id/name must be string or int in the range 0-65536
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
• Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: DeallocSequence_Tuple
                                                                                                                                                                                                                                        • String ID: Sequence can contain at most %d items
                                                                                                                                                                                                                                        • API String ID: 1991852567-3507602910
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
• Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Capsule_ImportReadyType_
                                                                                                                                                                                                                                        • String ID: datetime.datetime_CAPI
                                                                                                                                                                                                                                        • API String ID: 2581296196-711417590
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
• Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Long$Arg_FromLong_ParseTuple
                                                                                                                                                                                                                                        • String ID: :Detach
                                                                                                                                                                                                                                        • API String ID: 1152936543-4103459575
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        • Cannot set verify_mode to CERT_NONE when check_hostname is enabled., xrefs: 00007FFB0BE4BF72
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
• Associated: 00000002.00000002.1424444971.00007FFB0BE40000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424482051.00007FFB0BE4D000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424502993.00007FFB0BE5E000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424521434.00007FFB0BE5F000.00000008.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424540000.00007FFB0BE64000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.1424594066.00007FFB0BE65000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_String$Arg_Parse_Size
                                                                                                                                                                                                                                        • String ID: Cannot set verify_mode to CERT_NONE when check_hostname is enabled.
                                                                                                                                                                                                                                        • API String ID: 1619524773-288992553
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
• Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Arg_ParseReferenceTuple
                                                                                                                                                                                                                                        • String ID: :WAVEFORMATEX
                                                                                                                                                                                                                                        • API String ID: 709158290-1364142124
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
• Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: AttrObject_StringSubtypeType_
                                                                                                                                                                                                                                        • String ID: timetuple
                                                                                                                                                                                                                                        • API String ID: 1421930220-3328721318
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Arg_ParseTuple
                                                                                                                                                                                                                                        • String ID: @$|ii:ACL
                                                                                                                                                                                                                                        • API String ID: 3371842430-2672190651
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_Object_StringTrue
                                                                                                                                                                                                                                        • String ID: cannot delete attribute
                                                                                                                                                                                                                                        • API String ID: 1323943456-1747274469
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1424462627.00007FFB0BE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0BE40000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0be40000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Capsule_ImportModule_State
                                                                                                                                                                                                                                        • String ID: _socket.CAPI
                                                                                                                                                                                                                                        • API String ID: 2652237932-3774308389
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Arg_DescriptorLengthParseSecurityTuple
                                                                                                                                                                                                                                        • String ID: :GetLength
                                                                                                                                                                                                                                        • API String ID: 840013968-295138441
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Arg_AuthorityCountParseSizeTuple_
                                                                                                                                                                                                                                        • String ID: :GetSubAuthorityCount
                                                                                                                                                                                                                                        • API String ID: 3376985458-2020981275
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Arg_ParseTupleValid
                                                                                                                                                                                                                                        • String ID: :IsValid
                                                                                                                                                                                                                                        • API String ID: 2541654197-2800628479
                                                                                                                                                                                                                                        • Opcode ID: 6f9b08e2579efb0940dccf0434df3c724adb4f1e653f41334a7e2a8ba815ef10
                                                                                                                                                                                                                                        • Instruction ID: 6e4738bfb5f97e44294fb85d89ec9d76cadca16b59864ed7cd84731d13003c99
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6f9b08e2579efb0940dccf0434df3c724adb4f1e653f41334a7e2a8ba815ef10
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EAE0ECD1F19D0682EB984BB2EC5A1B523D2AF98BA5F641035CD1DC6760FE2C95E58200
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
• Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Arg_ParseSizeTuple_Valid
                                                                                                                                                                                                                                        • String ID: :IsValid
                                                                                                                                                                                                                                        • API String ID: 1733704823-2800628479
                                                                                                                                                                                                                                        • Opcode ID: 67118fd4047ed3d928dd6b5322ed44f03e8c6ebf3610de384438315e1dc01a02
                                                                                                                                                                                                                                        • Instruction ID: 9fb83e75ef7031ab95579d091a5a9779ba255ba4b3488655c46e3426cfa68143
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 67118fd4047ed3d928dd6b5322ed44f03e8c6ebf3610de384438315e1dc01a02
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5AE0ECD1B28D0682FB984BB6EC5A1F52393EF98BA5F641030CD1DC6360EE6C95E58640
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
• Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Arg_LengthParseSizeTuple_
                                                                                                                                                                                                                                        • String ID: :GetLength
                                                                                                                                                                                                                                        • API String ID: 986722786-295138441
                                                                                                                                                                                                                                        • Opcode ID: fee334646d37aad512c8cc1628ef42d97b422fc1c6c4f22ed49698b6ca373d49
                                                                                                                                                                                                                                        • Instruction ID: de3e82f511a6f8255ec576a7a49aa0e5059acba2fbe57c3db5dc6e21a91b58e2
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fee334646d37aad512c8cc1628ef42d97b422fc1c6c4f22ed49698b6ca373d49
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 16E08CD0B18D0682EB984B72EC5A0F523A2EF88BA2F640030CD1DC6360EE6CA5E58200
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
• Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Arg_DescriptorParseSecurityTupleValid
                                                                                                                                                                                                                                        • String ID: :IsValid
                                                                                                                                                                                                                                        • API String ID: 1292091245-2800628479
                                                                                                                                                                                                                                        • Opcode ID: 72e59f86762b53495d540d5fed7bee6bce9afb8ce027a4c8f3763502413a8e2a
                                                                                                                                                                                                                                        • Instruction ID: ff203ab1ba523b6915298666d3f0ee494e803f8c49c94f767a9539fdaa345914
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 72e59f86762b53495d540d5fed7bee6bce9afb8ce027a4c8f3763502413a8e2a
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 29E0ECD1B19D0682FB994BB2EC5A0B523D2EFD8BA5FA45034CD1DC6360EE2CD5E58300
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1429301219.00007FFB1C4F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB1C4F0000, based on PE: true
• Associated: 00000002.00000002.1429274454.00007FFB1C4F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429321017.00007FFB1C500000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429382109.00007FFB1C50E000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000002.00000002.1429468066.00007FFB1C511000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1c4f0000_discord.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_String
                                                                                                                                                                                                                                        • String ID: POINT must be a tuple of 2 ints (x,y)$ll;POINT must be a tuple of 2 ints (x,y)
                                                                                                                                                                                                                                        • API String ID: 1450464846-334919720
                                                                                                                                                                                                                                        • Opcode ID: c8c4a471808166ac6c69c4fba894a26f294a189a4d8875bfc0ff6503962ea686
                                                                                                                                                                                                                                        • Instruction ID: eaf2e7423597bb55aa4bf9f6b41c9050a714f23b9afaeb56b61208ec80b576bb
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c8c4a471808166ac6c69c4fba894a26f294a189a4d8875bfc0ff6503962ea686
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FDE012E1E04E46C1E6449B25D88A1E527A2FB85B59FA49036C60C87220CF2CE1E9C740