Windows Analysis Report
zapret.exe

Overview

General Information

Sample name: zapret.exe
Analysis ID: 1573827
MD5: ff130e918b140be5b7a4fe668950f220
SHA1: 99a24e8d484d9b1d1b16ef535a372613ac0ca9b7
SHA256: c5e5e5439c6d507f2614f25403ed97f90240f07bb444d13a0a63ab31f2470fef
Tags: exe, user-sa6ta6ni6c
Infos:

Detection

Score: 64
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Yara detected AntiVM_5
AI detected suspicious sample
Contains functionality to infect the boot sector
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
May check the online IP address of the machine
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses Microsoft's Enhanced Cryptographic Provider

Classification

  • System is w10x64
  • zapret.exe (PID: 6048 cmdline: "C:\Users\user\Desktop\zapret.exe" MD5: FF130E918B140BE5B7A4FE668950F220)
    • zapret.exe (PID: 7096 cmdline: "C:\Users\user\Desktop\zapret.exe" MD5: FF130E918B140BE5B7A4FE668950F220)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000002.00000002.2091115283.00000193E30E0000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_AntiVM_5 | Yara detected AntiVM_5 | Joe Security |
Process Memory Space: zapret.exe PID: 7096 | JoeSecurity_AntiVM_5 | Yara detected AntiVM_5 | Joe Security |
No Sigma rule has matched
No Suricata rule has matched

      AV Detection

      Source: zapret.exe, Avira: detected
      Source: Submitted Sample, Integrated Neural Analysis Model: Matched 83.4% probability
      Source: C:\Users\user\Desktop\zapret.exeCode function: 2_2_00007FF8A86314B5 ERR_put_error,memcpy,OPENSSL_sk_num,OPENSSL_sk_num,OPENSSL_sk_new_reserve,OPENSSL_sk_value,X509_VERIFY_PARAM_get_depth,CRYPTO_dup_ex_data,X509_VERIFY_PARAM_inherit,OPENSSL_sk_dup,OPENSSL_sk_dup,2_2_00007FF8A86314B5
      Source: C:\Users\user\Desktop\zapret.exeCode function: 2_2_00007FF8A86319EC CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_memdup,2_2_00007FF8A86319EC
      Source: C:\Users\user\Desktop\zapret.exeCode function: 2_2_00007FF8A863201D EVP_CIPHER_key_length,EVP_CIPHER_iv_length,CRYPTO_malloc,2_2_00007FF8A863201D
      Source: C:\Users\user\Desktop\zapret.exeCode function: 2_2_00007FF8A863194C ERR_put_error,ASN1_item_free,memcpy,memcpy,_time64,X509_free,memcpy,CRYPTO_free,CRYPTO_free,CRYPTO_free,ASN1_item_free,2_2_00007FF8A863194C
      Source: C:\Users\user\Desktop\zapret.exeCode function: 2_2_00007FF8A8632293 CRYPTO_memdup,ERR_put_error,CRYPTO_free,CRYPTO_free,2_2_00007FF8A8632293
      Source: C:\Users\user\Desktop\zapret.exeCode function: 2_2_00007FF8A8663360 CRYPTO_THREAD_write_lock,OPENSSL_LH_set_down_load,CRYPTO_THREAD_unlock,2_2_00007FF8A8663360
      Source: C:\Users\user\Desktop\zapret.exeCode function: 2_2_00007FF8A867B350 CRYPTO_memdup,CRYPTO_strdup,CRYPTO_free,CRYPTO_free,OPENSSL_cleanse,OPENSSL_cleanse,CRYPTO_clear_free,CRYPTO_clear_free,2_2_00007FF8A867B350
      Source: C:\Users\user\Desktop\zapret.exeCode function: 2_2_00007FF8A8655327 CRYPTO_memdup,ERR_put_error,2_2_00007FF8A8655327
      Source: C:\Users\user\Desktop\zapret.exeCode function: 2_2_00007FF8A8631073 ERR_put_error,CRYPTO_THREAD_run_once,CRYPTO_THREAD_run_once,CRYPTO_THREAD_run_once,2_2_00007FF8A8631073
      Source: C:\Users\user\Desktop\zapret.exeCode function: 2_2_00007FF8A863192E CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,2_2_00007FF8A863192E
      Source: C:\Users\user\Desktop\zapret.exeCode function: 2_2_00007FF8A8631461 CRYPTO_free,CRYPTO_free,CRYPTO_memdup,2_2_00007FF8A8631461
      Source: C:\Users\user\Desktop\zapret.exeCode function: 2_2_00007FF8A8667460 CRYPTO_free,2_2_00007FF8A8667460
      Source: C:\Users\user\Desktop\zapret.exeCode function: 2_2_00007FF8A863160E CRYPTO_THREAD_write_lock,OPENSSL_LH_retrieve,OPENSSL_LH_delete,CRYPTO_THREAD_unlock,2_2_00007FF8A863160E
      Source: C:\Users\user\Desktop\zapret.exeCode function: 2_2_00007FF8A86474D0 EVP_PKEY_free,EVP_PKEY_free,CRYPTO_free,OPENSSL_sk_pop_free,CRYPTO_free,CRYPTO_clear_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_clear_free,2_2_00007FF8A86474D0
      Source: C:\Users\user\Desktop\zapret.exeCode function: 2_2_00007FF8A86674D0 CRYPTO_free,CRYPTO_strdup,CRYPTO_free,2_2_00007FF8A86674D0
      Source: C:\Users\user\Desktop\zapret.exeCode function: 2_2_00007FF8A8631C94 HMAC_CTX_new,EVP_CIPHER_CTX_new,EVP_sha256,HMAC_Init_ex,EVP_aes_256_cbc,HMAC_size,EVP_CIPHER_CTX_iv_length,HMAC_Update,HMAC_Final,CRYPTO_memcmp,EVP_CIPHER_CTX_iv_length,EVP_CIPHER_CTX_iv_length,CRYPTO_malloc,CRYPTO_free,CRYPTO_free,memcpy,ERR_clear_error,CRYPTO_free,EVP_CIPHER_CTX_free,HMAC_CTX_free,2_2_00007FF8A8631C94
      Source: C:\Users\user\Desktop\zapret.exeCode function: 2_2_00007FF8A8659490 memcpy,CRYPTO_THREAD_read_lock,OPENSSL_LH_retrieve,CRYPTO_THREAD_unlock,2_2_00007FF8A8659490
      Source: C:\Users\user\Desktop\zapret.exeCode function: 2_2_00007FF8A8631433 CRYPTO_free,CRYPTO_strndup,2_2_00007FF8A8631433
      Source: C:\Users\user\Desktop\zapret.exeCode function: 2_2_00007FF8A8687530 EVP_MD_CTX_new,X509_get0_pubkey,EVP_PKEY_id,EVP_PKEY_id,EVP_PKEY_id,EVP_PKEY_size,EVP_DigestVerifyInit,EVP_PKEY_id,CRYPTO_malloc,BUF_reverse,RSA_pkey_ctx_ctrl,RSA_pkey_ctx_ctrl,EVP_DigestUpdate,EVP_MD_CTX_ctrl,EVP_DigestVerify,BIO_free,EVP_MD_CTX_free,CRYPTO_free,2_2_00007FF8A8687530
      Source: C:\Users\user\Desktop\zapret.exeCode function: 2_2_00007FF8A86395F0 CRYPTO_malloc,ERR_put_error,CRYPTO_free,2_2_00007FF8A86395F0
      Source: C:\Users\user\Desktop\zapret.exeCode function: 2_2_00007FF8A8631163 EVP_MD_CTX_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,2_2_00007FF8A8631163
      Source: C:\Users\user\Desktop\zapret.exeCode function: 2_2_00007FF8A8681620 CRYPTO_malloc,ERR_put_error,CRYPTO_malloc,ERR_put_error,CRYPTO_free,CRYPTO_zalloc,ERR_put_error,CRYPTO_free,2_2_00007FF8A8681620
      Source: C:\Users\user\Desktop\zapret.exeCode function: 2_2_00007FF8A86313B6 CRYPTO_malloc,ERR_put_error,CRYPTO_free,CRYPTO_free,2_2_00007FF8A86313B6
      Source: C:\Users\user\Desktop\zapret.exeCode function: 2_2_00007FF8A8631235 X509_free,EVP_PKEY_free,OPENSSL_sk_pop_free,CRYPTO_free,2_2_00007FF8A8631235
      Source: C:\Users\user\Desktop\zapret.exeCode function: 2_2_00007FF8A8631E10 ERR_put_error,CRYPTO_free,CRYPTO_strdup,2_2_00007FF8A8631E10
      Source: C:\Users\user\Desktop\zapret.exeCode function: 2_2_00007FF8A8677760 CRYPTO_free,CRYPTO_memdup,2_2_00007FF8A8677760
      Source: C:\Users\user\Desktop\zapret.exeCode function: 2_2_00007FF8A8631DCA CRYPTO_malloc,CRYPTO_mem_ctrl,OPENSSL_sk_find,CRYPTO_free,CRYPTO_mem_ctrl,ERR_put_error,OPENSSL_sk_push,CRYPTO_mem_ctrl,CRYPTO_free,CRYPTO_mem_ctrl,ERR_put_error,2_2_00007FF8A8631DCA
      Source: C:\Users\user\Desktop\zapret.exeCode function: 2_2_00007FF8A86310FF CRYPTO_zalloc,ERR_put_error,ERR_put_error,CRYPTO_free,EVP_PKEY_up_ref,X509_up_ref,EVP_PKEY_up_ref,X509_chain_up_ref,CRYPTO_malloc,memcpy,CRYPTO_malloc,memcpy,ERR_put_error,EVP_PKEY_free,X509_free,EVP_PKEY_free,OPENSSL_sk_pop_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,X509_STORE_free,X509_STORE_free,CRYPTO_free,CRYPTO_THREAD_lock_free,CRYPTO_free,CRYPTO_malloc,memcpy,CRYPTO_memdup,X509_STORE_up_ref,X509_STORE_up_ref,CRYPTO_strdup,2_2_00007FF8A86310FF
      Source: C:\Users\user\Desktop\zapret.exeCode function: 2_2_00007FF8A8663730 CRYPTO_free_ex_data,OPENSSL_cleanse,OPENSSL_cleanse,X509_free,OPENSSL_sk_pop_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_THREAD_lock_free,CRYPTO_clear_free,2_2_00007FF8A8663730
      Source: C:\Users\user\Desktop\zapret.exeCode function: 2_2_00007FF8A867B720 X509_get0_pubkey,CRYPTO_malloc,RAND_bytes,EVP_PKEY_CTX_new,EVP_PKEY_encrypt_init,EVP_PKEY_encrypt,EVP_PKEY_encrypt,EVP_PKEY_CTX_free,CRYPTO_clear_free,EVP_PKEY_CTX_free,2_2_00007FF8A867B720
      Source: C:\Users\user\Desktop\zapret.exeCode function: 2_2_00007FF8A86320F9 BN_bin2bn,BN_is_zero,CRYPTO_free,CRYPTO_strdup,CRYPTO_clear_free,2_2_00007FF8A86320F9
      Source: C:\Users\user\Desktop\zapret.exeCode function: 2_2_00007FF8A86317BD OPENSSL_sk_new_null,d2i_X509,CRYPTO_free,OPENSSL_sk_push,OPENSSL_sk_num,CRYPTO_memcmp,CRYPTO_free,X509_free,OPENSSL_sk_pop_free,OPENSSL_sk_value,X509_get0_pubkey,X509_free,OPENSSL_sk_shift,OPENSSL_sk_pop_free,2_2_00007FF8A86317BD
      Source: C:\Users\user\Desktop\zapret.exeCode function: 2_2_00007FF8A8651790 CRYPTO_free,CRYPTO_strdup,2_2_00007FF8A8651790
      Source: C:\Users\user\Desktop\zapret.exeCode function: 2_2_00007FF8A8667860 CRYPTO_free,2_2_00007FF8A8667860
      Source: C:\Users\user\Desktop\zapret.exeCode function: 2_2_00007FF8A863205E EVP_PKEY_get1_tls_encodedpoint,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,2_2_00007FF8A863205E
      Source: C:\Users\user\Desktop\zapret.exeCode function: 2_2_00007FF8A867D840 CRYPTO_free,CRYPTO_free,2_2_00007FF8A867D840
      Source: C:\Users\user\Desktop\zapret.exeCode function: 2_2_00007FF8A86316F4 CRYPTO_malloc,CRYPTO_THREAD_lock_new,X509_up_ref,X509_chain_up_ref,CRYPTO_strdup,CRYPTO_strdup,CRYPTO_dup_ex_data,CRYPTO_strdup,CRYPTO_memdup,ERR_put_error,CRYPTO_memdup,CRYPTO_strdup,CRYPTO_memdup,2_2_00007FF8A86316F4
      Source: C:\Users\user\Desktop\zapret.exeCode function: 2_2_00007FF8A866F8F0 CRYPTO_realloc,2_2_00007FF8A866F8F0
      Source: C:\Users\user\Desktop\zapret.exeCode function: 2_2_00007FF8A863176C CRYPTO_free,CRYPTO_malloc,memcmp,CRYPTO_memdup,2_2_00007FF8A863176C
      Source: zapret.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
      Source: Binary string: D:\_w\1\b\bin\amd64\_decimal.pdb## source: _decimal.pyd.0.dr
      Source: Binary string: D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\\mfc140u.amd64.pdb source: mfc140u.dll.0.dr
      Source: Binary string: D:\_w\1\b\bin\amd64\select.pdb source: zapret.exe, 00000000.00000003.2059025389.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2099749875.00007FF8B9843000.00000002.00000001.01000000.00000011.sdmp, select.pyd.0.dr
      Source: Binary string: D:\_w\1\b\bin\amd64\_lzma.pdbMM source: zapret.exe, 00000000.00000003.2051576082.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2099181701.00007FF8B8B3B000.00000002.00000001.01000000.0000000A.sdmp
      Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-310\Release\pywintypes.pdb** source: zapret.exe, 00000002.00000002.2099089702.00007FF8B8B00000.00000002.00000001.01000000.0000000B.sdmp, pywintypes310.dll.0.dr
      Source: Binary string: D:\_w\1\b\bin\amd64\_uuid.pdb source: zapret.exe, 00000000.00000003.2052498873.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2099290555.00007FF8B8C12000.00000002.00000001.01000000.0000001B.sdmp, _uuid.pyd.0.dr
      Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-310\Release\win32ui.pdb source: win32ui.pyd.0.dr
      Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-310\Release\win32trace.pdb source: zapret.exe, 00000000.00000003.2060421229.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, win32trace.pyd.0.dr
      Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1l 24 Aug 2021built on: Thu Aug 26 18:34:57 2021 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: zapret.exe, 00000002.00000002.2097305023.00007FF8A892D000.00000002.00000001.01000000.00000015.sdmp, libcrypto-1_1.dll.0.dr
      Source: Binary string: D:\_w\1\b\libssl-1_1.pdb source: zapret.exe, 00000002.00000002.2094154948.00007FF8A86A5000.00000002.00000001.01000000.00000014.sdmp, libssl-1_1.dll.0.dr
      Source: Binary string: D:\_w\1\b\bin\amd64\python310.pdb source: zapret.exe, 00000002.00000002.2097987965.00007FF8A8E1B000.00000002.00000001.01000000.00000004.sdmp, python310.dll.0.dr
      Source: Binary string: D:\_w\1\b\libssl-1_1.pdb?? source: zapret.exe, 00000002.00000002.2094154948.00007FF8A86A5000.00000002.00000001.01000000.00000014.sdmp, libssl-1_1.dll.0.dr
      Source: Binary string: D:\_w\1\b\bin\amd64\_bz2.pdb source: zapret.exe, 00000000.00000003.2050965341.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2099547482.00007FF8B8F8D000.00000002.00000001.01000000.00000009.sdmp
      Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-310\Release\pythoncom.pdb source: zapret.exe, 00000002.00000002.2097636069.00007FF8A8A8C000.00000002.00000001.01000000.0000000D.sdmp
      Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: zapret.exe, 00000002.00000002.2097305023.00007FF8A892D000.00000002.00000001.01000000.00000015.sdmp, libcrypto-1_1.dll.0.dr
      Source: Binary string: D:\_w\1\b\bin\amd64\_queue.pdb source: zapret.exe, 00000000.00000003.2051716130.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2099457726.00007FF8B8F73000.00000002.00000001.01000000.00000017.sdmp
      Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-310\Release\pywintypes.pdb source: zapret.exe, 00000002.00000002.2099089702.00007FF8B8B00000.00000002.00000001.01000000.0000000B.sdmp, pywintypes310.dll.0.dr
      Source: Binary string: D:\_w\1\b\bin\amd64\_ssl.pdb source: zapret.exe, 00000002.00000002.2098517113.00007FF8B78AD000.00000002.00000001.01000000.00000013.sdmp, _ssl.pyd.0.dr
      Source: Binary string: d:\a01\_work\4\s\\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: zapret.exe, 00000000.00000003.2050858478.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2099938708.00007FF8BA4F5000.00000002.00000001.01000000.0000000C.sdmp, VCRUNTIME140_1.dll.0.dr
      Source: Binary string: D:\_w\1\b\bin\amd64\_hashlib.pdb source: zapret.exe, 00000000.00000003.2051418627.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2098688710.00007FF8B7DE7000.00000002.00000001.01000000.00000016.sdmp, _hashlib.pyd.0.dr
      Source: Binary string: D:\_w\1\b\bin\amd64\_lzma.pdb source: zapret.exe, 00000000.00000003.2051576082.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2099181701.00007FF8B8B3B000.00000002.00000001.01000000.0000000A.sdmp
      Source: Binary string: d:\a01\_work\4\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: zapret.exe, 00000000.00000003.2050707818.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2099829644.00007FF8B9F71000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
      Source: Binary string: D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\\mfc140u.amd64.pdbGCTL source: mfc140u.dll.0.dr
      Source: Binary string: D:\_w\1\b\bin\amd64\_ctypes.pdb source: zapret.exe, 00000002.00000002.2099667066.00007FF8B93D0000.00000002.00000001.01000000.00000007.sdmp, _ctypes.pyd.0.dr
      Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-310\Release\pythoncom.pdb}},GCTL source: zapret.exe, 00000002.00000002.2097636069.00007FF8A8A8C000.00000002.00000001.01000000.0000000D.sdmp
      Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-310\Release\win32api.pdb source: zapret.exe, 00000002.00000002.2098998173.00007FF8B7E53000.00000002.00000001.01000000.0000000E.sdmp, win32api.pyd.0.dr
      Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-310\Release\win32api.pdb!! source: zapret.exe, 00000002.00000002.2098998173.00007FF8B7E53000.00000002.00000001.01000000.0000000E.sdmp, win32api.pyd.0.dr
      Source: Binary string: D:\_w\1\b\bin\amd64\_socket.pdb source: zapret.exe, 00000000.00000003.2052052832.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2098904861.00007FF8B7E28000.00000002.00000001.01000000.00000010.sdmp, _socket.pyd.0.dr
      Source: Binary string: D:\_w\1\b\bin\amd64\python3.pdb source: zapret.exe, 00000000.00000003.2056082784.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2090710746.00000193E0E60000.00000002.00000001.01000000.00000006.sdmp
      Source: Binary string: D:\_w\1\b\bin\amd64\_decimal.pdb source: _decimal.pyd.0.dr
      Source: Binary string: D:\_w\1\b\bin\amd64\unicodedata.pdb source: zapret.exe, 00000000.00000003.2059414462.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2092819596.00007FF8A861B000.00000002.00000001.01000000.0000001A.sdmp
      Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-310\Release\win32ui.pdbOO source: win32ui.pyd.0.dr
      Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-310\Release\_win32sysloader.pdb source: zapret.exe, 00000000.00000003.2059827050.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, _win32sysloader.pyd.0.dr
      Source: Binary string: D:\_w\1\b\libcrypto-1_1.pdb source: libcrypto-1_1.dll.0.dr
      Source: C:\Users\user\Desktop\zapret.exeCode function: 0_2_00007FF6DFF79210 FindFirstFileExW,FindClose,0_2_00007FF6DFF79210
      Source: C:\Users\user\Desktop\zapret.exeCode function: 0_2_00007FF6DFF99618 FindFirstFileExW,0_2_00007FF6DFF99618
      Source: C:\Users\user\Desktop\zapret.exeCode function: 0_2_00007FF6DFF7D679 FindFirstFileExW,0_2_00007FF6DFF7D679
      Source: C:\Users\user\Desktop\zapret.exeCode function: 2_2_00007FF6DFF79210 FindFirstFileExW,FindClose,2_2_00007FF6DFF79210
      Source: C:\Users\user\Desktop\zapret.exeCode function: 2_2_00007FF6DFF99618 FindFirstFileExW,2_2_00007FF6DFF99618
      Source: C:\Users\user\Desktop\zapret.exeCode function: 2_2_00007FF6DFF7D679 FindFirstFileExW,2_2_00007FF6DFF7D679
      Source: Joe Sandbox View IP Address: 104.26.12.205 104.26.12.205
      Source: unknown DNS query: name: api.ipify.org
      Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: C:\Users\user\Desktop\zapret.exeCode function: 2_2_61CD3800 WSAStartup,gethostbyname,socket,setsockopt,setsockopt,setsockopt,htons,sendto,sendto,recvfrom,recvfrom,ntohl,ntohl,ntohl,closesocket,WSACleanup,WSAGetLastError,closesocket,WSACleanup,SetLastError,WSAGetLastError,WSACleanup,SetLastError,2_2_61CD3800
      Source: global traffic DNS traffic detected: DNS query: api.ipify.org
      Source: zapret.exe, 00000002.00000002.2092084223.00000193E3B90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://.../back.jpeg
      Source: zapret.exe, 00000002.00000002.2091115283.00000193E30E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://9x9o.com/km121124d.txt
      Source: zapret.exe, 00000000.00000003.2056082784.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2050965341.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2053697074.000002412CC77000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2059414462.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2059025389.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2051576082.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2052279847.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2056736061.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2051716130.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2051254709.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2052052832.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2053697074.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2054637257.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2054810615.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2051418627.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2052498873.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2051101427.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _uuid.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
      Source: zapret.exe, 00000000.00000003.2056082784.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2050965341.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2053697074.000002412CC77000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2059414462.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2059025389.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2051576082.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2052279847.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2056736061.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2051716130.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2051254709.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2052052832.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2053697074.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2054637257.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2054810615.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2051418627.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2052498873.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2051101427.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _uuid.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
      Source: zapret.exe, 00000000.00000003.2056082784.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2050965341.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2053697074.000002412CC77000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2059414462.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2059025389.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2051576082.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2052279847.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2056736061.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2051716130.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2051254709.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2052052832.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2053697074.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2054810615.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2051418627.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2052498873.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2051101427.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _uuid.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
      Source: zapret.exe, 00000002.00000002.2091190653.00000193E31FD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://code.activestate.com/recipes/577452-a-memoize-decorator-for-instance-methods/
      Source: zapret.exe, 00000002.00000002.2091582815.00000193E380A000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2091582815.00000193E3867000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.certigna.fr/certignarootca.crl01
      Source: zapret.exe, 00000002.00000002.2091190653.00000193E3375000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2090952969.00000193E2EE0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
      Source: zapret.exe, 00000002.00000002.2091582815.00000193E380A000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2091190653.00000193E3298000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl
      Source: zapret.exe, 00000002.00000002.2091582815.00000193E380A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl
      Source: zapret.exe, 00000002.00000002.2091582815.00000193E3867000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl0
      Source: zapret.exe, 00000002.00000002.2090952969.00000193E2F94000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/SGCA.crl
      Source: zapret.exe, 00000002.00000002.2091582815.00000193E380A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/SGCA.crl0
      Source: zapret.exe, 00000002.00000002.2090952969.00000193E2F94000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/SGCA.crlhe
      Source: zapret.exe, 00000002.00000002.2090952969.00000193E2F94000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/STCA.crl
      Source: zapret.exe, 00000002.00000002.2091582815.00000193E380A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/STCA.crl0
      Source: zapret.exe, 00000000.00000003.2054637257.000002412CC71000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
      Source: zapret.exe, 00000002.00000002.2090952969.00000193E2F94000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl
      Source: zapret.exe, 00000002.00000002.2091190653.00000193E3375000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
      Source: zapret.exe, 00000002.00000002.2091115283.00000193E30E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com/gabjohn3/nb/main/ip_list.txt
      Source: zapret.exe, 00000002.00000002.2091115283.00000193E30E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com/gabjohn3/nb/main/mac_list.txt
      Source: zapret.exe, 00000002.00000002.2091115283.00000193E30E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com/gabjohn3/nb/main/pc_platforms.txt
      Source: zapret.exe, 00000002.00000002.2090952969.00000193E2EE0000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2092162263.00000193E3D3C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://requests.readthedocs.io
      Source: zapret.exe, 00000002.00000002.2091045470.00000193E2FE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/questions/4457745#4457745.
      Source: zapret.exe, 00000002.00000002.2090590744.00000193E0C5C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc2388#section-4.4
      Source: zapret.exe, 00000002.00000002.2091190653.00000193E31FD000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2091190653.00000193E33C8000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2074469393.00000193E33C8000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2074683175.00000193E33D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/
      Source: zapret.exe, 00000002.00000002.2092084223.00000193E3B90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxy
      Source: zapret.exe, 00000002.00000002.2091419809.00000193E3400000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings
      Source: zapret.exe, 00000000.00000003.2056082784.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2050965341.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2053697074.000002412CC77000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2059414462.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2059025389.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2051576082.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2052279847.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2056736061.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2051716130.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2051254709.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2052052832.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2053697074.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2054637257.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2054810615.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2051418627.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2052498873.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.2051101427.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _uuid.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.drString found in binary or memory: https://www.digicert.com/CPS0
      Source: zapret.exe, 00000000.00000003.2054810615.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2094274298.00007FF8A86DA000.00000002.00000001.01000000.00000014.sdmp, zapret.exe, 00000002.00000002.2097505992.00007FF8A8A24000.00000002.00000001.01000000.00000015.sdmp, libssl-1_1.dll.0.drString found in binary or memory: https://www.openssl.org/H
      Source: zapret.exe, 00000002.00000002.2090952969.00000193E2EE0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org
      Source: zapret.exe, 00000002.00000003.2074469393.00000193E3375000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2091190653.00000193E32CC000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2074469393.00000193E32CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/
      Source: zapret.exe, 00000000.00000003.2052645917.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2070153536.00000193E2F52000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2091115283.00000193E30E0000.00000004.00001000.00020000.00000000.sdmp, base_library.zip.0.drString found in binary or memory: https://www.python.org/dev/peps/pep-0205/
      Source: zapret.exe, 00000002.00000002.2090801229.00000193E2AA0000.00000004.00001000.00020000.00000000.sdmp, base_library.zip.0.drString found in binary or memory: https://www.python.org/download/releases/2.3/mro/.
      Source: zapret.exe, 00000002.00000002.2091190653.00000193E33C8000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2074469393.00000193E33C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.rfc-editor.org/rfc/rfc8259#section-8.1
      Source: zapret.exe, 00000002.00000002.2091582815.00000193E380A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/
      Source: zapret.exe, 00000002.00000002.2091582815.00000193E380A000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2091582815.00000193E3867000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/0m
      Source: zapret.exe, 00000002.00000002.2091582815.00000193E380A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/;P
      Source: zapret.exe, 00000002.00000002.2091190653.00000193E31FD000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2091190653.00000193E33C8000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2074469393.00000193E33C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yahoo.com/
      Source: unknown. Network traffic detected: HTTP traffic on port 49705 -> 443
      Source: unknown. Network traffic detected: HTTP traffic on port 443 -> 49705
      Source: C:\Users\user\Desktop\zapret.exe. Code function 2_2_61CD3800: WSAStartup,gethostbyname,socket,setsockopt,setsockopt,setsockopt,htons,sendto,sendto,recvfrom,recvfrom,ntohl,ntohl,ntohl,closesocket,WSACleanup,WSAGetLastError,closesocket,WSACleanup,SetLastError,WSAGetLastError,WSACleanup,SetLastError
      Source: C:\Users\user\Desktop\zapret.exe. Code function 2_2_61CD2640: _snprintf,_snprintf,CreateFileA,CreateFileA,GlobalAlloc,DeviceIoControl,GlobalFree,_snprintf,CreateFileA,GlobalAlloc,GlobalAlloc,GlobalAlloc,DeviceIoControl,GlobalFree,GlobalFree,GlobalFree,CloseHandle,GlobalFree,GlobalFree,GlobalFree,GlobalFree,CloseHandle
      Source: unicodedata.pyd.0.dr. Static PE information: Resource name: RT_VERSION type: COM executable for DOS
      Source: pyarmor_runtime.pyd.0.dr. Static PE information: Number of sections: 11 > 10
      Source: zapret.exe. Static PE information: Number of sections: 12 > 10
      Source: python3.dll.0.dr. Static PE information: No import functions for PE file found
      Source: zapret.exe, 00000000.00000003.2058272099.000002412CC71000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepywintypes310.dll0 vs zapret.exe
      Source: zapret.exe, 00000000.00000003.2056082784.000002412CC71000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepython3.dll. vs zapret.exe
      Source: zapret.exe, 00000000.00000003.2050965341.000002412CC71000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_bz2.pyd. vs zapret.exe
      Source: zapret.exe, 00000000.00000003.2060213229.000002412CC71000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamewin32api.pyd0 vs zapret.exe
      Source: zapret.exe, 00000000.00000003.2059414462.000002412CC71000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameunicodedata.pyd. vs zapret.exe
      Source: zapret.exe, 00000000.00000003.2059025389.000002412CC71000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameselect.pyd. vs zapret.exe
      Source: zapret.exe, 00000000.00000003.2051576082.000002412CC71000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_lzma.pyd. vs zapret.exe
      Source: zapret.exe, 00000000.00000003.2052279847.000002412CC71000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_ssl.pyd. vs zapret.exe
      Source: zapret.exe, 00000000.00000003.2060421229.000002412CC71000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamewin32trace.pyd0 vs zapret.exe
      Source: zapret.exe, 00000000.00000003.2056736061.000002412CC71000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepython310.dll. vs zapret.exe
      Source: zapret.exe, 00000000.00000003.2050385915.000002412CC71000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamewin32ui.pyd0 vs zapret.exe
      Source: zapret.exe, 00000000.00000003.2050858478.000002412CC71000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140_1.dllT vs zapret.exe
      Source: zapret.exe, 00000000.00000003.2051716130.000002412CC71000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_queue.pyd. vs zapret.exe
      Source: zapret.exe, 00000000.00000003.2050707818.000002412CC71000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs zapret.exe
      Source: zapret.exe, 00000000.00000003.2051254709.000002412CC71000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_decimal.pyd. vs zapret.exe
      Source: zapret.exe, 00000000.00000003.2052052832.000002412CC71000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_socket.pyd. vs zapret.exe
      Source: zapret.exe, 00000000.00000003.2059827050.000002412CC7C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_win32sysloader.pyd0 vs zapret.exe
      Source: zapret.exe, 00000000.00000003.2060104451.000002412CC7C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_win32sysloader.pyd0 vs zapret.exe
      Source: zapret.exe, 00000000.00000003.2054810615.000002412CC71000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelibsslH vs zapret.exe
      Source: zapret.exe, 00000000.00000003.2051418627.000002412CC71000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_hashlib.pyd. vs zapret.exe
      Source: zapret.exe, 00000000.00000003.2052498873.000002412CC71000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_uuid.pyd. vs zapret.exe
      Source: zapret.exe, 00000000.00000003.2051101427.000002412CC71000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_ctypes.pyd. vs zapret.exe
      Source: zapret.exe, 00000000.00000003.2059827050.000002412CC71000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_win32sysloader.pyd0 vs zapret.exe
      Source: zapret.exe, 00000000.00000003.2057965124.000002412CC71000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepythoncom310.dll0 vs zapret.exe
      Source: zapret.exeBinary or memory string: OriginalFilename vs zapret.exe
      Source: zapret.exe, 00000002.00000002.2099780582.00007FF8B9846000.00000002.00000001.01000000.00000011.sdmpBinary or memory string: OriginalFilenameselect.pyd. vs zapret.exe
      Source: zapret.exe, 00000002.00000002.2099335623.00007FF8B8C14000.00000002.00000001.01000000.0000001B.sdmpBinary or memory string: OriginalFilename_uuid.pyd. vs zapret.exe
      Source: zapret.exe, 00000002.00000002.2099490396.00007FF8B8F76000.00000002.00000001.01000000.00000017.sdmpBinary or memory string: OriginalFilename_queue.pyd. vs zapret.exe
      Source: zapret.exe, 00000002.00000002.2099699776.00007FF8B93DB000.00000002.00000001.01000000.00000007.sdmpBinary or memory string: OriginalFilename_ctypes.pyd. vs zapret.exe
      Source: zapret.exe, 00000002.00000002.2097797881.00007FF8A8AD4000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: OriginalFilenamepythoncom310.dll0 vs zapret.exe
      Source: zapret.exe, 00000002.00000002.2099972460.00007FF8BA4F9000.00000002.00000001.01000000.0000000C.sdmpBinary or memory string: OriginalFilenamevcruntime140_1.dllT vs zapret.exe
      Source: zapret.exe, 00000002.00000002.2099613166.00007FF8B8F92000.00000002.00000001.01000000.00000009.sdmpBinary or memory string: OriginalFilename_bz2.pyd. vs zapret.exe
      Source: zapret.exe, 00000002.00000002.2094274298.00007FF8A86DA000.00000002.00000001.01000000.00000014.sdmpBinary or memory string: OriginalFilenamelibsslH vs zapret.exe
      Source: zapret.exe, 00000002.00000002.2097505992.00007FF8A8A24000.00000002.00000001.01000000.00000015.sdmpBinary or memory string: OriginalFilenamelibcryptoH vs zapret.exe
      Source: zapret.exe, 00000002.00000002.2093901496.00007FF8A8621000.00000002.00000001.01000000.0000001A.sdmpBinary or memory string: OriginalFilenameunicodedata.pyd. vs zapret.exe
      Source: zapret.exe, 00000002.00000002.2099124334.00007FF8B8B11000.00000002.00000001.01000000.0000000B.sdmpBinary or memory string: OriginalFilenamepywintypes310.dll0 vs zapret.exe
      Source: zapret.exe, 00000002.00000002.2099239762.00007FF8B8B44000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: OriginalFilename_lzma.pyd. vs zapret.exe
      Source: zapret.exe, 00000002.00000002.2098730881.00007FF8B7DEE000.00000002.00000001.01000000.00000016.sdmpBinary or memory string: OriginalFilename_hashlib.pyd. vs zapret.exe
      Source: zapret.exe, 00000002.00000002.2098614940.00007FF8B78C5000.00000002.00000001.01000000.00000013.sdmpBinary or memory string: OriginalFilename_ssl.pyd. vs zapret.exe
      Source: zapret.exe, 00000002.00000002.2099861381.00007FF8B9F77000.00000002.00000001.01000000.00000005.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs zapret.exe
      Source: zapret.exe, 00000002.00000002.2090710746.00000193E0E60000.00000002.00000001.01000000.00000006.sdmpBinary or memory string: OriginalFilenamepython3.dll. vs zapret.exe
      Source: zapret.exe, 00000002.00000002.2098358754.00007FF8A8F2C000.00000002.00000001.01000000.00000004.sdmpBinary or memory string: OriginalFilenamepython310.dll. vs zapret.exe
      Source: zapret.exe, 00000002.00000002.2098941942.00007FF8B7E32000.00000002.00000001.01000000.00000010.sdmpBinary or memory string: OriginalFilename_socket.pyd. vs zapret.exe
      Source: zapret.exe, 00000002.00000002.2099033083.00007FF8B7E61000.00000002.00000001.01000000.0000000E.sdmpBinary or memory string: OriginalFilenamewin32api.pyd0 vs zapret.exe
      Source: classification engineClassification label: mal64.evad.winEXE@3/34@1/1
      Source: C:\Users\user\Desktop\zapret.exeCode function: 0_2_00007FF6DFF78B30 FormatMessageW,WideCharToMultiByte,GetLastError,0_2_00007FF6DFF78B30
      Source: C:\Users\user\Desktop\zapret.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60482Jump to behavior
      Source: zapret.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
      Source: C:\Users\user\Desktop\zapret.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeFile read: C:\Users\user\Desktop\zapret.exeJump to behavior
      Source: unknownProcess created: C:\Users\user\Desktop\zapret.exe "C:\Users\user\Desktop\zapret.exe"
      Source: C:\Users\user\Desktop\zapret.exeProcess created: C:\Users\user\Desktop\zapret.exe "C:\Users\user\Desktop\zapret.exe"
      Source: C:\Users\user\Desktop\zapret.exeProcess created: C:\Users\user\Desktop\zapret.exe "C:\Users\user\Desktop\zapret.exe"Jump to behavior
      Source: C:\Users\user\Desktop\zapret.exeSection loaded: version.dllJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeSection loaded: vcruntime140.dllJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeSection loaded: cryptsp.dllJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeSection loaded: rsaenh.dllJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeSection loaded: cryptbase.dllJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeSection loaded: libffi-7.dllJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeSection loaded: vcruntime140_1.dllJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeSection loaded: uxtheme.dllJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeSection loaded: urlmon.dllJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeSection loaded: iertutil.dllJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeSection loaded: srvcli.dllJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeSection loaded: netutils.dllJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeSection loaded: secur32.dllJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeSection loaded: sspicli.dllJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeSection loaded: iphlpapi.dllJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeSection loaded: powrprof.dllJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeSection loaded: pdh.dllJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeSection loaded: umpdc.dllJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeSection loaded: wtsapi32.dllJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeSection loaded: libcrypto-1_1.dllJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeSection loaded: libssl-1_1.dllJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeSection loaded: mswsock.dllJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeSection loaded: wbemcomn.dllJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeSection loaded: amsi.dllJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeSection loaded: userenv.dllJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeSection loaded: profapi.dllJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeSection loaded: sxs.dllJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeSection loaded: dnsapi.dllJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeSection loaded: rasadhlp.dllJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeSection loaded: fwpuclnt.dllJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{172BDDF8-CEEA-11D1-8B05-00600806D9B6}\InProcServer32Jump to behavior
      Source: C:\Users\user\Desktop\zapret.exeFile opened: C:\Users\user\Desktop\pyvenv.cfgJump to behavior
      Source: zapret.exeStatic PE information: Image base 0x140000000 > 0x60000000
      Source: zapret.exeStatic file information: File size 10527204 > 1048576
      Source: zapret.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
      Source: Binary string: D:\_w\1\b\bin\amd64\_decimal.pdb## source: _decimal.pyd.0.dr
      Source: Binary string: D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\\mfc140u.amd64.pdb source: mfc140u.dll.0.dr
      Source: Binary string: D:\_w\1\b\bin\amd64\select.pdb source: zapret.exe, 00000000.00000003.2059025389.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2099749875.00007FF8B9843000.00000002.00000001.01000000.00000011.sdmp, select.pyd.0.dr
      Source: Binary string: D:\_w\1\b\bin\amd64\_lzma.pdbMM source: zapret.exe, 00000000.00000003.2051576082.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2099181701.00007FF8B8B3B000.00000002.00000001.01000000.0000000A.sdmp
      Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-310\Release\pywintypes.pdb** source: zapret.exe, 00000002.00000002.2099089702.00007FF8B8B00000.00000002.00000001.01000000.0000000B.sdmp, pywintypes310.dll.0.dr
      Source: Binary string: D:\_w\1\b\bin\amd64\_uuid.pdb source: zapret.exe, 00000000.00000003.2052498873.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2099290555.00007FF8B8C12000.00000002.00000001.01000000.0000001B.sdmp, _uuid.pyd.0.dr
      Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-310\Release\win32ui.pdb source: win32ui.pyd.0.dr
      Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-310\Release\win32trace.pdb source: zapret.exe, 00000000.00000003.2060421229.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, win32trace.pyd.0.dr
      Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1l 24 Aug 2021built on: Thu Aug 26 18:34:57 2021 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: zapret.exe, 00000002.00000002.2097305023.00007FF8A892D000.00000002.00000001.01000000.00000015.sdmp, libcrypto-1_1.dll.0.dr
      Source: Binary string: D:\_w\1\b\libssl-1_1.pdb source: zapret.exe, 00000002.00000002.2094154948.00007FF8A86A5000.00000002.00000001.01000000.00000014.sdmp, libssl-1_1.dll.0.dr
      Source: Binary string: D:\_w\1\b\bin\amd64\python310.pdb source: zapret.exe, 00000002.00000002.2097987965.00007FF8A8E1B000.00000002.00000001.01000000.00000004.sdmp, python310.dll.0.dr
      Source: Binary string: D:\_w\1\b\libssl-1_1.pdb?? source: zapret.exe, 00000002.00000002.2094154948.00007FF8A86A5000.00000002.00000001.01000000.00000014.sdmp, libssl-1_1.dll.0.dr
      Source: Binary string: D:\_w\1\b\bin\amd64\_bz2.pdb source: zapret.exe, 00000000.00000003.2050965341.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2099547482.00007FF8B8F8D000.00000002.00000001.01000000.00000009.sdmp
      Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-310\Release\pythoncom.pdb source: zapret.exe, 00000002.00000002.2097636069.00007FF8A8A8C000.00000002.00000001.01000000.0000000D.sdmp
      Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: zapret.exe, 00000002.00000002.2097305023.00007FF8A892D000.00000002.00000001.01000000.00000015.sdmp, libcrypto-1_1.dll.0.dr
      Source: Binary string: D:\_w\1\b\bin\amd64\_queue.pdb source: zapret.exe, 00000000.00000003.2051716130.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2099457726.00007FF8B8F73000.00000002.00000001.01000000.00000017.sdmp
      Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-310\Release\pywintypes.pdb source: zapret.exe, 00000002.00000002.2099089702.00007FF8B8B00000.00000002.00000001.01000000.0000000B.sdmp, pywintypes310.dll.0.dr
      Source: Binary string: D:\_w\1\b\bin\amd64\_ssl.pdb source: zapret.exe, 00000002.00000002.2098517113.00007FF8B78AD000.00000002.00000001.01000000.00000013.sdmp, _ssl.pyd.0.dr
      Source: Binary string: d:\a01\_work\4\s\\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: zapret.exe, 00000000.00000003.2050858478.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2099938708.00007FF8BA4F5000.00000002.00000001.01000000.0000000C.sdmp, VCRUNTIME140_1.dll.0.dr
      Source: Binary string: D:\_w\1\b\bin\amd64\_hashlib.pdb source: zapret.exe, 00000000.00000003.2051418627.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2098688710.00007FF8B7DE7000.00000002.00000001.01000000.00000016.sdmp, _hashlib.pyd.0.dr
      Source: Binary string: D:\_w\1\b\bin\amd64\_lzma.pdb source: zapret.exe, 00000000.00000003.2051576082.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2099181701.00007FF8B8B3B000.00000002.00000001.01000000.0000000A.sdmp
      Source: Binary string: d:\a01\_work\4\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: zapret.exe, 00000000.00000003.2050707818.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2099829644.00007FF8B9F71000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
      Source: Binary string: D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\\mfc140u.amd64.pdbGCTL source: mfc140u.dll.0.dr
      Source: Binary string: D:\_w\1\b\bin\amd64\_ctypes.pdb source: zapret.exe, 00000002.00000002.2099667066.00007FF8B93D0000.00000002.00000001.01000000.00000007.sdmp, _ctypes.pyd.0.dr
      Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-310\Release\pythoncom.pdb}},GCTL source: zapret.exe, 00000002.00000002.2097636069.00007FF8A8A8C000.00000002.00000001.01000000.0000000D.sdmp
      Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-310\Release\win32api.pdb source: zapret.exe, 00000002.00000002.2098998173.00007FF8B7E53000.00000002.00000001.01000000.0000000E.sdmp, win32api.pyd.0.dr
      Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-310\Release\win32api.pdb!! source: zapret.exe, 00000002.00000002.2098998173.00007FF8B7E53000.00000002.00000001.01000000.0000000E.sdmp, win32api.pyd.0.dr
      Source: Binary string: D:\_w\1\b\bin\amd64\_socket.pdb source: zapret.exe, 00000000.00000003.2052052832.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2098904861.00007FF8B7E28000.00000002.00000001.01000000.00000010.sdmp, _socket.pyd.0.dr
      Source: Binary string: D:\_w\1\b\bin\amd64\python3.pdb source: zapret.exe, 00000000.00000003.2056082784.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2090710746.00000193E0E60000.00000002.00000001.01000000.00000006.sdmp
      Source: Binary string: D:\_w\1\b\bin\amd64\_decimal.pdb source: _decimal.pyd.0.dr
      Source: Binary string: D:\_w\1\b\bin\amd64\unicodedata.pdb source: zapret.exe, 00000000.00000003.2059414462.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2092819596.00007FF8A861B000.00000002.00000001.01000000.0000001A.sdmp
      Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-310\Release\win32ui.pdbOO source: win32ui.pyd.0.dr
      Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-310\Release\_win32sysloader.pdb source: zapret.exe, 00000000.00000003.2059827050.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, _win32sysloader.pyd.0.dr
      Source: Binary string: D:\_w\1\b\libcrypto-1_1.pdb source: libcrypto-1_1.dll.0.dr
      Source: C:\Users\user\Desktop\zapret.exeCode function: 0_2_00007FF6DFF715E0 GetModuleHandleA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,0_2_00007FF6DFF715E0
      Source: pywintypes310.dll.0.drStatic PE information: real checksum: 0x0 should be: 0x2e17c
      Source: md__mypyc.cp310-win_amd64.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x280fa
      Source: _win32sysloader.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0xae0c
      Source: win32trace.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x10555
      Source: pyarmor_runtime.pyd.0.drStatic PE information: real checksum: 0x9d5c4 should be: 0xa2e8e
      Source: win32api.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x25ee7
      Source: pythoncom310.dll.0.drStatic PE information: real checksum: 0x0 should be: 0xb0dfd
      Source: _psutil_windows.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x1f645
      Source: md.cp310-win_amd64.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0xf357
      Source: win32ui.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x120653
      Source: zapret.exeStatic PE information: section name: /4
      Source: zapret.exeStatic PE information: section name: .xdata
      Source: python310.dll.0.drStatic PE information: section name: PyRuntim
      Source: libcrypto-1_1.dll.0.drStatic PE information: section name: .00cfg
      Source: libssl-1_1.dll.0.drStatic PE information: section name: .00cfg
      Source: mfc140u.dll.0.drStatic PE information: section name: .didat
      Source: VCRUNTIME140.dll.0.drStatic PE information: section name: _RDATA
      Source: pyarmor_runtime.pyd.0.drStatic PE information: section name: .xdata

      Persistence and Installation Behavior

      Source: C:\Users\user\Desktop\zapret.exeCode function: _snprintf,_snprintf,CreateFileA,CreateFileA,GlobalAlloc,DeviceIoControl,GlobalFree,_snprintf,CreateFileA,GlobalAlloc,GlobalAlloc,GlobalAlloc,DeviceIoControl,GlobalFree,GlobalFree,GlobalFree,CloseHandle,GlobalFree,GlobalFree,GlobalFree,GlobalFree,CloseHandle, \\.\PhysicalDrive%d2_2_61CD2640
      Source: C:\Users\user\Desktop\zapret.exeCode function: memset,wsprintfA,CreateFileA,memset,DeviceIoControl,CloseHandle,isxdigit,isxdigit,isxdigit,isprint,memcpy,CloseHandle,strlen,memcpy, \\.\PhysicalDrive%d2_2_61CD29F0
      Source: C:\Users\user\Desktop\zapret.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60482\python3.dllJump to dropped file
      Source: C:\Users\user\Desktop\zapret.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60482\charset_normalizer\md.cp310-win_amd64.pydJump to dropped file
      Source: C:\Users\user\Desktop\zapret.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60482\win32\win32api.pydJump to dropped file
      Source: C:\Users\user\Desktop\zapret.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60482\_lzma.pydJump to dropped file
      Source: C:\Users\user\Desktop\zapret.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60482\VCRUNTIME140.dllJump to dropped file
      Source: C:\Users\user\Desktop\zapret.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60482\pywin32_system32\pywintypes310.dllJump to dropped file
      Source: C:\Users\user\Desktop\zapret.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60482\win32\win32trace.pydJump to dropped file
      Source: C:\Users\user\Desktop\zapret.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60482\libffi-7.dllJump to dropped file
      Source: C:\Users\user\Desktop\zapret.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60482\libcrypto-1_1.dllJump to dropped file
      Source: C:\Users\user\Desktop\zapret.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60482\libssl-1_1.dllJump to dropped file
      Source: C:\Users\user\Desktop\zapret.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60482\Pythonwin\mfc140u.dllJump to dropped file
      Source: C:\Users\user\Desktop\zapret.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60482\_bz2.pydJump to dropped file
      Source: C:\Users\user\Desktop\zapret.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60482\select.pydJump to dropped file
      Source: C:\Users\user\Desktop\zapret.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60482\_ssl.pydJump to dropped file
      Source: C:\Users\user\Desktop\zapret.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60482\_uuid.pydJump to dropped file
      Source: C:\Users\user\Desktop\zapret.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60482\charset_normalizer\md__mypyc.cp310-win_amd64.pydJump to dropped file
      Source: C:\Users\user\Desktop\zapret.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60482\_decimal.pydJump to dropped file
      Source: C:\Users\user\Desktop\zapret.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60482\pyarmor_runtime_000000\pyarmor_runtime.pydJump to dropped file
      Source: C:\Users\user\Desktop\zapret.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60482\unicodedata.pydJump to dropped file
      Source: C:\Users\user\Desktop\zapret.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60482\_ctypes.pydJump to dropped file
      Source: C:\Users\user\Desktop\zapret.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60482\psutil\_psutil_windows.pydJump to dropped file
      Source: C:\Users\user\Desktop\zapret.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60482\python310.dllJump to dropped file
      Source: C:\Users\user\Desktop\zapret.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60482\pywin32_system32\pythoncom310.dllJump to dropped file
      Source: C:\Users\user\Desktop\zapret.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60482\_socket.pydJump to dropped file
      Source: C:\Users\user\Desktop\zapret.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60482\VCRUNTIME140_1.dllJump to dropped file
      Source: C:\Users\user\Desktop\zapret.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60482\Pythonwin\win32ui.pydJump to dropped file
      Source: C:\Users\user\Desktop\zapret.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60482\win32\_win32sysloader.pydJump to dropped file
      Source: C:\Users\user\Desktop\zapret.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60482\_hashlib.pydJump to dropped file
      Source: C:\Users\user\Desktop\zapret.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI60482\_queue.pydJump to dropped file

      Boot Survival

      Source: C:\Users\user\Desktop\zapret.exeCode function: _snprintf,_snprintf,CreateFileA,CreateFileA,GlobalAlloc,DeviceIoControl,GlobalFree,_snprintf,CreateFileA,GlobalAlloc,GlobalAlloc,GlobalAlloc,DeviceIoControl,GlobalFree,GlobalFree,GlobalFree,CloseHandle,GlobalFree,GlobalFree,GlobalFree,GlobalFree,CloseHandle, \\.\PhysicalDrive%d2_2_61CD2640
      Source: C:\Users\user\Desktop\zapret.exeCode function: memset,wsprintfA,CreateFileA,memset,DeviceIoControl,CloseHandle,isxdigit,isxdigit,isxdigit,isprint,memcpy,CloseHandle,strlen,memcpy, \\.\PhysicalDrive%d2_2_61CD29F0
      Source: C:\Users\user\Desktop\zapret.exeCode function: 0_2_00007FF6DFF75810 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_00007FF6DFF75810
      Source: C:\Users\user\Desktop\zapret.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

      Malware Analysis System Evasion

      Source: Yara matchFile source: 00000002.00000002.2091115283.00000193E30E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: Process Memory Space: zapret.exe PID: 7096, type: MEMORYSTR
      Source: C:\Users\user\Desktop\zapret.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60482\python3.dllJump to dropped file
      Source: C:\Users\user\Desktop\zapret.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60482\charset_normalizer\md.cp310-win_amd64.pydJump to dropped file
      Source: C:\Users\user\Desktop\zapret.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60482\win32\win32api.pydJump to dropped file
      Source: C:\Users\user\Desktop\zapret.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60482\_lzma.pydJump to dropped file
      Source: C:\Users\user\Desktop\zapret.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60482\pywin32_system32\pywintypes310.dllJump to dropped file
      Source: C:\Users\user\Desktop\zapret.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60482\win32\win32trace.pydJump to dropped file
      Source: C:\Users\user\Desktop\zapret.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60482\Pythonwin\mfc140u.dllJump to dropped file
      Source: C:\Users\user\Desktop\zapret.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60482\_bz2.pydJump to dropped file
      Source: C:\Users\user\Desktop\zapret.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60482\select.pydJump to dropped file
      Source: C:\Users\user\Desktop\zapret.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60482\_ssl.pydJump to dropped file
      Source: C:\Users\user\Desktop\zapret.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60482\_uuid.pydJump to dropped file
      Source: C:\Users\user\Desktop\zapret.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60482\charset_normalizer\md__mypyc.cp310-win_amd64.pydJump to dropped file
      Source: C:\Users\user\Desktop\zapret.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60482\_decimal.pydJump to dropped file
      Source: C:\Users\user\Desktop\zapret.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60482\pyarmor_runtime_000000\pyarmor_runtime.pydJump to dropped file
      Source: C:\Users\user\Desktop\zapret.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60482\unicodedata.pydJump to dropped file
      Source: C:\Users\user\Desktop\zapret.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60482\_ctypes.pydJump to dropped file
      Source: C:\Users\user\Desktop\zapret.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60482\psutil\_psutil_windows.pydJump to dropped file
      Source: C:\Users\user\Desktop\zapret.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60482\python310.dllJump to dropped file
      Source: C:\Users\user\Desktop\zapret.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60482\pywin32_system32\pythoncom310.dllJump to dropped file
      Source: C:\Users\user\Desktop\zapret.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60482\_socket.pydJump to dropped file
      Source: C:\Users\user\Desktop\zapret.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60482\Pythonwin\win32ui.pydJump to dropped file
      Source: C:\Users\user\Desktop\zapret.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60482\_queue.pydJump to dropped file
      Source: C:\Users\user\Desktop\zapret.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60482\_hashlib.pydJump to dropped file
      Source: C:\Users\user\Desktop\zapret.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60482\win32\_win32sysloader.pydJump to dropped file
      Source: C:\Users\user\Desktop\zapret.exeAPI coverage: 2.0 %
      Source: C:\Users\user\Desktop\zapret.exeCode function: 0_2_00007FF6DFF79210 FindFirstFileExW,FindClose,0_2_00007FF6DFF79210
      Source: C:\Users\user\Desktop\zapret.exeCode function: 0_2_00007FF6DFF99618 FindFirstFileExW,0_2_00007FF6DFF99618
      Source: C:\Users\user\Desktop\zapret.exeCode function: 0_2_00007FF6DFF7D679 FindFirstFileExW,0_2_00007FF6DFF7D679
      Source: C:\Users\user\Desktop\zapret.exeCode function: 2_2_00007FF6DFF79210 FindFirstFileExW,FindClose,2_2_00007FF6DFF79210
      Source: C:\Users\user\Desktop\zapret.exeCode function: 2_2_00007FF6DFF99618 FindFirstFileExW,2_2_00007FF6DFF99618
      Source: C:\Users\user\Desktop\zapret.exeCode function: 2_2_00007FF6DFF7D679 FindFirstFileExW,2_2_00007FF6DFF7D679
      Source: zapret.exe, 00000000.00000003.2052952618.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, cacert.pem.0.drBinary or memory string: j2aTPs+9xYa9+bG3tD60B8jzljHz7aRP+KNOjSkVWLjVb3/ubCK1sK9IRQq9qEmU
      Source: zapret.exe, 00000002.00000003.2073172319.00000193E325E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW.
      Source: zapret.exe, 00000002.00000002.2091190653.00000193E31FD000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2073027661.00000193E327B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWfmtr%SystemRoot%\system32\mswsock.dll
      Source: cacert.pem.0.drBinary or memory string: zJVSk/BwJVmcIGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5dd
      Source: C:\Users\user\Desktop\zapret.exeCode function: 2_2_61CC2C80 PyEval_GetGlobals,PyFunction_NewWithQualName,_PyObject_CallFunction_SizeT,_Py_Dealloc,PyExc_RuntimeError,PyErr_Format,GetProcAddress,strlen,IsDebuggerPresent,_Py_Dealloc,_Py_Dealloc,_Py_Dealloc,_Py_Dealloc,_Py_Dealloc,PyExc_RuntimeError,PyErr_Format,PyExc_RuntimeError,PyErr_Format,PyExc_RuntimeError,PyErr_Format,PyExc_SystemExit,PyExc_SystemExit,PyExc_SystemExit,_errno,_errno,_errno,PyExc_SystemExit,_errno,_errno,_Py_Dealloc,_Py_Dealloc,2_2_61CC2C80
      Source: C:\Users\user\Desktop\zapret.exeCode function: 0_2_00007FF6DFF715E0 GetModuleHandleA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,0_2_00007FF6DFF715E0
      Source: C:\Users\user\Desktop\zapret.exeCode function: 2_2_61CD2170 GetProcessHeap,GetProcessHeap,HeapAlloc,HeapAlloc,memcpy,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,GetAdaptersAddresses,2_2_61CD2170
      Source: C:\Users\user\Desktop\zapret.exeProcess token adjusted: DebugJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeCode function: 0_2_00007FF6DFF71154 Sleep,_amsg_exit,_initterm,_initterm,SetUnhandledExceptionFilter,exit,_cexit,0_2_00007FF6DFF71154
      Source: C:\Users\user\Desktop\zapret.exeCode function: 2_2_61D3FF20 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,abort,2_2_61D3FF20
      Source: C:\Users\user\Desktop\zapret.exeCode function: 2_2_00007FF6DFF71154 Sleep,_amsg_exit,_initterm,_initterm,SetUnhandledExceptionFilter,exit,_cexit,2_2_00007FF6DFF71154
      Source: C:\Users\user\Desktop\zapret.exeCode function: 2_2_00007FF8A8512AA0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF8A8512AA0
      Source: C:\Users\user\Desktop\zapret.exeCode function: 2_2_00007FF8A8513068 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF8A8513068
      Source: C:\Users\user\Desktop\zapret.exeCode function: 2_2_00007FF8A8632004 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF8A8632004
      Source: C:\Users\user\Desktop\zapret.exeProcess created: C:\Users\user\Desktop\zapret.exe "C:\Users\user\Desktop\zapret.exe"Jump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI60482\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exe Queries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformation
      Source: C:\Users\user\Desktop\zapret.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60482 VolumeInformation
      Source: C:\Users\user\Desktop\zapret.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60482\_ctypes.pyd VolumeInformation
      Source: C:\Users\user\Desktop\zapret.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60482\win32 VolumeInformation
      Source: C:\Users\user\Desktop\zapret.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60482\Pythonwin VolumeInformation
      Source: C:\Users\user\Desktop\zapret.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60482\pywin32_system32 VolumeInformation
      Source: C:\Users\user\Desktop\zapret.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60482\_ssl.pyd VolumeInformation
      Source: C:\Users\user\Desktop\zapret.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60482\_bz2.pyd VolumeInformation
      Source: C:\Users\user\Desktop\zapret.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60482\_lzma.pyd VolumeInformation
      Source: C:\Users\user\Desktop\zapret.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60482\pywin32_system32\pywintypes310.dll VolumeInformation
      Source: C:\Users\user\Desktop\zapret.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60482\pywin32_system32\pythoncom310.dll VolumeInformation
      Source: C:\Users\user\Desktop\zapret.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60482\win32\win32api.pyd VolumeInformation
      Source: C:\Users\user\Desktop\zapret.exe Queries volume information: C:\Users\user\AppData\Local\Temp\beaj0xj6 VolumeInformation
      Source: C:\Users\user\Desktop\zapret.exe Queries volume information: C:\Users\user\AppData\Local\Temp\tmpghbk2ivq VolumeInformation
      Source: C:\Users\user\Desktop\zapret.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60482\pyarmor_runtime_000000 VolumeInformation
      Source: C:\Users\user\Desktop\zapret.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60482\pyarmor_runtime_000000\pyarmor_runtime.pyd VolumeInformation
      Source: C:\Users\user\Desktop\zapret.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60482\_socket.pyd VolumeInformation
      Source: C:\Users\user\Desktop\zapret.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60482\select.pyd VolumeInformation
      Source: C:\Users\user\Desktop\zapret.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60482\psutil VolumeInformation
      Source: C:\Users\user\Desktop\zapret.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60482\psutil\_psutil_windows.pyd VolumeInformation
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI60482\_hashlib.pyd VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI60482\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI60482\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI60482 VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI60482\_queue.pyd VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI60482 VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI60482\win32 VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI60482\pywin32_system32 VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI60482 VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI60482\charset_normalizer VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI60482\charset_normalizer VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI60482\charset_normalizer VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI60482\charset_normalizer\md.cp310-win_amd64.pyd VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI60482\charset_normalizer VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI60482\charset_normalizer\md__mypyc.cp310-win_amd64.pyd VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI60482 VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI60482\unicodedata.pyd VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI60482 VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI60482 VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI60482\pywin32_system32 VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI60482 VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI60482\pywin32_system32 VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI60482\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI60482\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI60482 VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI60482\win32 VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI60482\Pythonwin VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI60482\certifi\cacert.pem VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI60482\_uuid.pyd VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI60482 VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI60482\pywin32_system32 VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmpghbk2ivq VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmpghbk2ivq\gen_py\__init__.py VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmpghbk2ivq\gen_py\dicts.dat VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\zapret.exe Code function: 2_2_61D3FE40 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,2_2_61D3FE40
      Source: C:\Users\user\Desktop\zapret.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
      Source: C:\Users\user\Desktop\zapret.exe Code function: 2_2_00007FF8A86E2B5D bind,WSAGetLastError,2_2_00007FF8A86E2B5D
      Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
      Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 Bootkit | 11 Process Injection | 11 Process Injection | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 22 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
      Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 21 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
      Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Obfuscated Files or Information | Security Account Manager | 1 System Network Configuration Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
      Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Bootkit | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | 2 Application Layer Protocol | Traffic Duplication | Data Destruction
      Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 13 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
      Source | Detection | Scanner | Label | Link
      zapret.exe | 100% | Avira | HEUR/AGEN.1354936 |

      Source | Detection | Scanner | Label | Link
      C:\Users\user\AppData\Local\Temp\_MEI60482\Pythonwin\mfc140u.dll | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\_MEI60482\Pythonwin\win32ui.pyd | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\_MEI60482\VCRUNTIME140.dll | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\_MEI60482\VCRUNTIME140_1.dll | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\_MEI60482\_bz2.pyd | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\_MEI60482\_ctypes.pyd | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\_MEI60482\_decimal.pyd | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\_MEI60482\_hashlib.pyd | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\_MEI60482\_lzma.pyd | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\_MEI60482\_queue.pyd | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\_MEI60482\_socket.pyd | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\_MEI60482\_ssl.pyd | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\_MEI60482\_uuid.pyd | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\_MEI60482\charset_normalizer\md.cp310-win_amd64.pyd | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\_MEI60482\charset_normalizer\md__mypyc.cp310-win_amd64.pyd | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\_MEI60482\libcrypto-1_1.dll | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\_MEI60482\libffi-7.dll | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\_MEI60482\libssl-1_1.dll | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\_MEI60482\psutil\_psutil_windows.pyd | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\_MEI60482\python3.dll | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\_MEI60482\python310.dll | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\_MEI60482\pywin32_system32\pythoncom310.dll | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\_MEI60482\pywin32_system32\pywintypes310.dll | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\_MEI60482\select.pyd | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\_MEI60482\unicodedata.pyd | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\_MEI60482\win32\_win32sysloader.pyd | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\_MEI60482\win32\win32api.pyd | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\_MEI60482\win32\win32trace.pyd | 0% | ReversingLabs | |
      No Antivirus matches
      No Antivirus matches
      Source | Detection | Scanner | Label | Link
      https://wwww.certigna.fr/autorites/;P | 0% | Avira URL Cloud | safe |
      http://www.opensource.org/licenses/mit-license.phpFN | 0% | Avira URL Cloud | safe |
      http://json.org | 0% | Avira URL Cloud | safe |
      http://9x9o.com/km121124d.txt | 0% | Avira URL Cloud | safe |
      Name | IP | Active | Malicious | Antivirus Detection | Reputation
      api.ipify.org | 104.26.12.205 | true | false | | high
      Name | Source | Malicious | Antivirus Detection | Reputation
      https://github.com/giampaolo/psutil/issues/875. | zapret.exe, 00000002.00000002.2091045470.00000193E2FE0000.00000004.00001000.00020000.00000000.sdmp | false | | high
      https://github.com/mhammond/pywin32 | zapret.exe, zapret.exe, 00000002.00000002.2097797881.00007FF8A8AD4000.00000002.00000001.01000000.0000000D.sdmp, zapret.exe, 00000002.00000002.2099124334.00007FF8B8B11000.00000002.00000001.01000000.0000000B.sdmp, zapret.exe, 00000002.00000002.2099033083.00007FF8B7E61000.00000002.00000001.01000000.0000000E.sdmp, win32api.pyd.0.dr, win32trace.pyd.0.dr, win32ui.pyd.0.dr, pywintypes310.dll.0.dr, _win32sysloader.pyd.0.dr | false | | high
      http://crl.dhimyotis.com/certignarootca.crl0 | zapret.exe, 00000002.00000002.2091582815.00000193E3867000.00000004.00000020.00020000.00000000.sdmp | false | | high
      https://python.org/dev/peps/pep-0263/ | zapret.exe, 00000002.00000002.2097987965.00007FF8A8E1B000.00000002.00000001.01000000.00000004.sdmp, python310.dll.0.dr | false | | high
      https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py# | zapret.exe, 00000002.00000002.2090590744.00000193E0C5C000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2064068300.00000193E2661000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2064010729.00000193E2665000.00000004.00000020.00020000.00000000.sdmp | false | | high
      http://goo.gl/zeJZl. | zapret.exe, 00000002.00000002.2091045470.00000193E2FE0000.00000004.00001000.00020000.00000000.sdmp | false | | high
      https://tools.ietf.org/html/rfc2388#section-4.4 | zapret.exe, 00000002.00000002.2090590744.00000193E0C5C000.00000004.00000020.00020000.00000000.sdmp | false | | high
      http://www.opensource.org/licenses/mit-license.php | zapret.exe, 00000002.00000002.2092162263.00000193E3D3C000.00000004.00001000.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2091852857.00000193E38B8000.00000004.00000020.00020000.00000000.sdmp | false | | high
      https://github.com/urllib3/urllib3/issues/2192#issuecomment-821832963 | zapret.exe, 00000002.00000002.2091419809.00000193E3400000.00000004.00001000.00020000.00000000.sdmp | false | | high
      http://crl.dhimyotis.com/certignarootca.crl | zapret.exe, 00000002.00000002.2091582815.00000193E380A000.00000004.00000020.00020000.00000000.sdmp | false | | high
      http://curl.haxx.se/rfc/cookie_spec.html | zapret.exe, 00000002.00000003.2074469393.00000193E32CE000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2092162263.00000193E3C90000.00000004.00001000.00020000.00000000.sdmp | false | | high
      http://ocsp.accv.es | zapret.exe, 00000002.00000002.2090952969.00000193E2EE0000.00000004.00000020.00020000.00000000.sdmp | false | | high
      https://raw.githubusercontent.com/gabjohn3/nb/main/pc_platforms.txt | zapret.exe, 00000002.00000002.2091115283.00000193E30E0000.00000004.00001000.00020000.00000000.sdmp | false | | high
      https://google.com/api/1233vU554155454 | zapret.exe, 00000002.00000002.2091045470.00000193E2FE0000.00000004.00001000.00020000.00000000.sdmp | false | | high
      http://json.org | zapret.exe, 00000002.00000003.2074469393.00000193E3375000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
      https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxy | zapret.exe, 00000002.00000002.2092084223.00000193E3B90000.00000004.00001000.00020000.00000000.sdmp | false | | high
      https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688 | zapret.exe, 00000002.00000002.2090801229.00000193E2B28000.00000004.00001000.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2064010729.00000193E2665000.00000004.00000020.00020000.00000000.sdmp | false | | high
      https://httpbin.org/get | zapret.exe, 00000002.00000002.2092084223.00000193E3B90000.00000004.00001000.00020000.00000000.sdmp | false | | high
      https://raw.githubusercontent.com/gabjohn3/nb/main/mac_list.txt | zapret.exe, 00000002.00000002.2091115283.00000193E30E0000.00000004.00001000.00020000.00000000.sdmp | false | | high
      https://wwww.certigna.fr/autorites/0m | zapret.exe, 00000002.00000002.2091582815.00000193E380A000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2091582815.00000193E3867000.00000004.00000020.00020000.00000000.sdmp | false | | high
      https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader | zapret.exe, 00000002.00000002.2090590744.00000193E0C5C000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2064068300.00000193E2661000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2064010729.00000193E2665000.00000004.00000020.00020000.00000000.sdmp | false | | high
      http://mail.python.org/pipermail/python-dev/2012-June/120787.html. | zapret.exe, 00000002.00000002.2091115283.00000193E30E0000.00000004.00001000.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2073271047.00000193E31EC000.00000004.00000020.00020000.00000000.sdmp | false | | high
      https://httpbin.org/ | zapret.exe, 00000002.00000003.2074683175.00000193E33D5000.00000004.00000020.00020000.00000000.sdmp | false | | high
      https://wwww.certigna.fr/autorites/ | zapret.exe, 00000002.00000002.2091582815.00000193E380A000.00000004.00000020.00020000.00000000.sdmp | false | | high
      http://www.cl.cam.ac.uk/~mgk25/iso-time.html | zapret.exe, 00000002.00000003.2070767831.00000193E31F0000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2070767831.00000193E31E1000.00000004.00000020.00020000.00000000.sdmp | false | | high
      https://raw.githubusercontent.com/gabjohn3/nb/main/BaseBoard_Manufacturer_List.txt | zapret.exe, 00000002.00000002.2090882905.00000193E2BA0000.00000004.00001000.00020000.00000000.sdmp | false | | high
      http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535 | zapret.exe, 00000002.00000002.2091190653.00000193E3375000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2091190653.00000193E332A000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2074469393.00000193E3375000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2074469393.00000193E332A000.00000004.00000020.00020000.00000000.sdmp | false | | high
      https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy | zapret.exe, 00000002.00000002.2090590744.00000193E0C5C000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2064068300.00000193E2661000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2064010729.00000193E2665000.00000004.00000020.00020000.00000000.sdmp | false | | high
      https://raw.githubusercontent.com/gabjohn3/nb/main/DiskDrive_Serial_List.txt | zapret.exe, 00000002.00000002.2091115283.00000193E30E0000.00000004.00001000.00020000.00000000.sdmp | false | | high
      http://crl.securetrust.com/STCA.crl | zapret.exe, 00000002.00000002.2090952969.00000193E2F94000.00000004.00000020.00020000.00000000.sdmp | false | | high
      http://wwwsearch.sf.net/): | zapret.exe, 00000002.00000002.2091190653.00000193E3375000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2074469393.00000193E3375000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2074469393.00000193E32CE000.00000004.00000020.00020000.00000000.sdmp | false | | high
      https://ipinfo.io/ | zapret.exe, 00000002.00000002.2091115283.00000193E30E0000.00000004.00001000.00020000.00000000.sdmp | false | | high
      http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0 | zapret.exe, 00000002.00000002.2090952969.00000193E2EE0000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2091582815.00000193E379F000.00000004.00000020.00020000.00000000.sdmp | false | | high
      http://www.accv.es/legislacion_c.htm | zapret.exe, 00000002.00000002.2091582815.00000193E37FC000.00000004.00000020.00020000.00000000.sdmp | false | | high
                                                                          http://tools.ietf.org/html/rfc6125#section-6.4.3zapret.exe, 00000002.00000002.2092084223.00000193E3B90000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                            high
                                                                            http://crl.xrampsecurity.com/XGCA.crl0zapret.exe, 00000002.00000002.2091190653.00000193E3375000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              high
                                                                              http://www.cert.fnmt.es/dpcs/zapret.exe, 00000002.00000002.2091582815.00000193E380A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                high
                                                                                https://google.com/mailzapret.exe, 00000002.00000002.2091190653.00000193E31FD000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2091190653.00000193E33C8000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2074469393.00000193E33C8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  https://packaging.python.org/specifications/entry-points/zapret.exe, 00000002.00000002.2092084223.00000193E3BC8000.00000004.00001000.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2091503008.00000193E3590000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    http://www.accv.es00zapret.exe, 00000002.00000002.2091582815.00000193E379F000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2091582815.00000193E37FC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.pyzapret.exe, 00000002.00000003.2064010729.00000193E2665000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        http://www.phys.uu.nl/~vgent/calendar/isocalendar.htmzapret.exe, 00000002.00000003.2070767831.00000193E31F0000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2070767831.00000193E31E1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          https://foss.heptapod.net/pypy/pypy/-/issues/3539zapret.exe, 00000002.00000002.2091419809.00000193E3400000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.zapret.exe, 00000002.00000002.2091190653.00000193E3375000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2074469393.00000193E3375000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              http://google.com/zapret.exe, 00000002.00000003.2074469393.00000193E334A000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2091190653.00000193E332A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                https://mahler:8092/site-updates.pyzapret.exe, 00000002.00000003.2074469393.00000193E3375000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2091190653.00000193E32CC000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2074469393.00000193E32CE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  https://wwww.certigna.fr/autorites/;Pzapret.exe, 00000002.00000002.2091582815.00000193E380A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  • Avira URL Cloud: safe
                                                                                                  unknown
                                                                                                  http://crl.securetrust.com/SGCA.crlzapret.exe, 00000002.00000002.2090952969.00000193E2F94000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    http://.../back.jpegzapret.exe, 00000002.00000002.2092084223.00000193E3B90000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      https://www.python.org/download/releases/2.3/mro/.zapret.exe, 00000002.00000002.2090801229.00000193E2AA0000.00000004.00001000.00020000.00000000.sdmp, base_library.zip.0.drfalse
                                                                                                        high
                                                                                                        https://httpbin.org/postzapret.exe, 00000002.00000002.2090952969.00000193E2EE0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://raw.githubusercontent.com/gabjohn3/nb/main/ip_list.txtzapret.exe, 00000002.00000002.2091115283.00000193E30E0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            https://github.com/Ousret/charset_normalizerzapret.exe, 00000002.00000002.2091190653.00000193E3375000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2074469393.00000193E3375000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              http://www.firmaprofesional.com/cps0zapret.exe, 00000002.00000002.2091582815.00000193E3867000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2090952969.00000193E2EE0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                http://www.quovadisglobal.com/cpslzapret.exe, 00000002.00000002.2091190653.00000193E31FD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://github.com/urllib3/urllib3/issues/2920zapret.exe, 00000002.00000002.2091503008.00000193E3590000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    http://crl.securetrust.com/SGCA.crl0zapret.exe, 00000002.00000002.2091582815.00000193E380A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://yahoo.com/zapret.exe, 00000002.00000002.2091190653.00000193E31FD000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2091190653.00000193E33C8000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2074469393.00000193E33C8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        http://crl.securetrust.com/STCA.crl0zapret.exe, 00000002.00000002.2091582815.00000193E380A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://raw.githubusercontent.com/gabjohn3/nb/main/hwid_list.txtzapret.exe, 00000002.00000002.2091115283.00000193E30E0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://raw.githubusercontent.com/gabjohn3/nb/main/BIOS_Serial_List.txtzapret.exe, 00000002.00000002.2091115283.00000193E30E0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              http://crl.securetrust.com/SGCA.crlhezapret.exe, 00000002.00000002.2090952969.00000193E2F94000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://api.ipify.orgzapret.exe, 00000002.00000002.2091115283.00000193E30E0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6zapret.exe, 00000002.00000002.2091190653.00000193E31FD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    http://crl.thawte.com/ThawteTimestampingCA.crl0zapret.exe, 00000000.00000003.2054637257.000002412CC71000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://html.spec.whatwg.org/multipage/zapret.exe, 00000002.00000002.2091190653.00000193E3375000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2074469393.00000193E3375000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        http://www.quovadisglobal.com/cps0zapret.exe, 00000002.00000002.2091190653.00000193E3298000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crlzapret.exe, 00000002.00000002.2091582815.00000193E379F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warningszapret.exe, 00000002.00000002.2091419809.00000193E3400000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0zapret.exe, 00000002.00000002.2091582815.00000193E379F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://raw.githubusercontent.com/gabjohn3/nb/main/MachineGuid.txtzapret.exe, 00000002.00000002.2091115283.00000193E30E0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://www.rfc-editor.org/rfc/rfc8259#section-8.1zapret.exe, 00000002.00000002.2091190653.00000193E33C8000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2074469393.00000193E33C8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    http://www.iana.org/time-zones/repository/tz-link.htmlzapret.exe, 00000002.00000003.2070823471.00000193E2FD1000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2070767831.00000193E31F0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://raw.githubusercontent.com/gabjohn3/nb/main/HwProfileGuid_List.txtzapret.exe, 00000002.00000002.2091115283.00000193E30E0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://requests.readthedocs.iozapret.exe, 00000002.00000002.2090952969.00000193E2EE0000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2092162263.00000193E3D3C000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          http://repository.swisssign.com/zapret.exe, 00000002.00000002.2091582815.00000193E380A000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2090952969.00000193E2EE0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://api.ipify.org/zapret.exe, 00000002.00000002.2092399676.00000193E3EB0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://raw.githubusercontent.com/gabjohn3/nb/main/CPU_Serial_List.txtzapret.exe, 00000002.00000002.2091115283.00000193E30E0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                http://crl.xrampsecurity.com/XGCA.crlzapret.exe, 00000002.00000002.2090952969.00000193E2F94000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://www.python.orgzapret.exe, 00000002.00000002.2090952969.00000193E2EE0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    http://code.activestate.com/recipes/577452-a-memoize-decorator-for-instance-methods/zapret.exe, 00000002.00000002.2091190653.00000193E31FD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      http://www.accv.es/legislacion_c.htm0Uzapret.exe, 00000002.00000002.2091582815.00000193E379F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        http://www.opensource.org/licenses/mit-license.phpFNzapret.exe, 00000002.00000002.2091852857.00000193E38B8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        • Avira URL Cloud: safe
                                                                                                                                                                        unknown
                                                                                                                                                                        http://ocsp.accv.es0zapret.exe, 00000002.00000002.2091582815.00000193E379F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          http://ocsp.thawte.com0zapret.exe, 00000000.00000003.2054637257.000002412CC71000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://www.python.org/zapret.exe, 00000002.00000003.2074469393.00000193E3375000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2091190653.00000193E32CC000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2074469393.00000193E32CE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://www.python.org/dev/peps/pep-0205/zapret.exe, 00000000.00000003.2052645917.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2070153536.00000193E2F52000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2091115283.00000193E30E0000.00000004.00001000.00020000.00000000.sdmp, base_library.zip.0.drfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://twitter.com/zapret.exe, 00000002.00000002.2091190653.00000193E31FD000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2091190653.00000193E33C8000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2074469393.00000193E33C8000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2074683175.00000193E33D5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://stackoverflow.com/questions/4457745#4457745.zapret.exe, 00000002.00000002.2091045470.00000193E2FE0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    http://www.quovadisglobal.com/cpszapret.exe, 00000002.00000002.2091190653.00000193E31FD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://google.com/zapret.exe, 00000002.00000003.2074469393.00000193E33C8000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000003.2074683175.00000193E33D5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://google.com/mail/zapret.exe, 00000002.00000002.2090952969.00000193E2EE0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://raw.githubusercontent.com/gabjohn3/nb/main/BaseBoard_Serial_List.txtzapret.exe, 00000002.00000002.2091115283.00000193E30E0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            http://google.com/mail/zapret.exe, 00000002.00000003.2074469393.00000193E334A000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2091190653.00000193E332A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
https://github.com/urllib3/urllib3/issues/3290 | Source: zapret.exe, 00000002.00000002.2092016712.00000193E3A90000.00000004.00001000.00020000.00000000.sdmp | Malicious: false | Reputation: high
https://github.com/urllib3/urllib3/issues/2920Z | Source: zapret.exe, 00000002.00000002.2091503008.00000193E3590000.00000004.00001000.00020000.00000000.sdmp | Malicious: false | Reputation: high
http://timgolden.me.uk/python/wmi.html | Source: zapret.exe, 00000002.00000002.2092256463.00000193E3DA0000.00000004.00001000.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2091852857.00000193E38B8000.00000004.00000020.00020000.00000000.sdmp | Malicious: false | Reputation: high
https://raw.githubusercontent.com/gabjohn3/nb/main/gpu_list.txt | Source: zapret.exe, 00000002.00000002.2091115283.00000193E30E0000.00000004.00001000.00020000.00000000.sdmp | Malicious: false | Reputation: high
https://www.openssl.org/H | Source: zapret.exe, 00000000.00000003.2054810615.000002412CC71000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000002.00000002.2094274298.00007FF8A86DA000.00000002.00000001.01000000.00000014.sdmp, zapret.exe, 00000002.00000002.2097505992.00007FF8A8A24000.00000002.00000001.01000000.00000015.sdmp, libssl-1_1.dll.0.dr | Malicious: false | Reputation: high
http://9x9o.com/km121124d.txt | Source: zapret.exe, 00000002.00000002.2091115283.00000193E30E0000.00000004.00001000.00020000.00000000.sdmp | Malicious: false | Avira URL Cloud: safe | Reputation: unknown
IP | Domain | Country | ASN | ASN Name | Malicious
104.26.12.205 | api.ipify.org | United States | 13335 | CLOUDFLARENETUS | false
                                                                                                                                                                                                        Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                                        Analysis ID:1573827
                                                                                                                                                                                                        Start date and time:2024-12-12 16:18:09 +01:00
                                                                                                                                                                                                        Joe Sandbox product:CloudBasic
                                                                                                                                                                                                        Overall analysis duration:0h 5m 28s
                                                                                                                                                                                                        Hypervisor based Inspection enabled:false
                                                                                                                                                                                                        Report type:full
                                                                                                                                                                                                        Cookbook file name:default.jbs
                                                                                                                                                                                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                        Number of analysed new started processes analysed:3
                                                                                                                                                                                                        Number of new started drivers analysed:0
                                                                                                                                                                                                        Number of existing processes analysed:0
                                                                                                                                                                                                        Number of existing drivers analysed:0
                                                                                                                                                                                                        Number of injected processes analysed:0
                                                                                                                                                                                                        Technologies:
                                                                                                                                                                                                        • HCA enabled
                                                                                                                                                                                                        • EGA enabled
                                                                                                                                                                                                        • AMSI enabled
                                                                                                                                                                                                        Analysis Mode:default
                                                                                                                                                                                                        Analysis stop reason:Timeout
                                                                                                                                                                                                        Sample name:zapret.exe
                                                                                                                                                                                                        Detection:MAL
                                                                                                                                                                                                        Classification:mal64.evad.winEXE@3/34@1/1
                                                                                                                                                                                                        EGA Information:
                                                                                                                                                                                                        • Successful, ratio: 100%
                                                                                                                                                                                                        HCA Information:
                                                                                                                                                                                                        • Successful, ratio: 80%
                                                                                                                                                                                                        • Number of executed functions: 74
                                                                                                                                                                                                        • Number of non-executed functions: 245
                                                                                                                                                                                                        Cookbook Comments:
                                                                                                                                                                                                        • Found application associated with file extension: .exe
                                                                                                                                                                                                        • Stop behavior analysis, all processes terminated
                                                                                                                                                                                                        • Exclude process from analysis (whitelisted): dllhost.exe
                                                                                                                                                                                                        • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                                        • VT rate limit hit for: zapret.exe
                                                                                                                                                                                                        No simulations
Match: 104.26.12.205
Associated Sample Name / URL | Detection | Threat Name | Context
jgbC220X2U.exe | malicious | Unknown | api.ipify.org/?format=text
xKvkNk9SXR.exe | malicious | TrojanRansom | api.ipify.org/
GD8c7ARn8q.exe | malicious | TrojanRansom | api.ipify.org/
8AbMCL2dxM.exe | malicious | RCRU64, TrojanRansom | api.ipify.org/
Simple2.exe | malicious | Unknown | api.ipify.org/
Ransomware Mallox.exe | malicious | Targeted Ransomware | api.ipify.org/
Yc9hcFC1ux.exe | malicious | Unknown | api.ipify.org/
6706e721f2c06.exe | malicious | Remcos | api.ipify.org/
perfcc.elf | malicious | Xmrig | api.ipify.org/
SecuriteInfo.com.Win32.MalwareX-gen.16395.23732.exe | malicious | RDPWrap Tool | api.ipify.org/
Match: api.ipify.org
Associated Sample Name / URL | Detection | Threat Name | Context
Rockwool-Msg-S9039587897.pdf | malicious | EvilProxy, HTMLPhisher | 104.26.12.205
RFQ-004282A.Teknolojileri A.S.exe | malicious | AgentTesla | 172.67.74.152
Employee_Letter.pdf | malicious | HTMLPhisher | 104.26.12.205
discord.exe | malicious | Unknown | 172.67.74.152
jgbC220X2U.exe | malicious | Unknown | 172.67.74.152
QUOTATION#08670.exe | malicious | AgentTesla | 172.67.74.152
INVOICE NO. USF23-24072 IGR23110.exe | malicious | AgentTesla | 104.26.13.205
SPECIFICATIONS.exe | malicious | AgentTesla | 104.26.13.205
EEMsLiXoiTzoaDd.scr | malicious | AgentTesla, PureLog Stealer | 172.67.74.152
Statement 2024-11-29 (K07234).exe | malicious | AgentTesla | 104.26.12.205
Match: CLOUDFLARENETUS
Associated Sample Name / URL | Detection | Threat Name | Context
https://forms.office.com/e/YpaL2Dw0r2 | malicious | Unknown | 104.17.25.14
https://connect-velocity-33392.my.salesforce-sites.com/help | malicious | Unknown | 104.26.10.50
phish_alert_sp2_2.0.0.0 (1).eml | malicious | Unknown | 162.159.140.237
jew.mpsl.elf | malicious | Unknown | 104.23.145.205
TEKL#U0130F #U0130STE#U011e#U0130 - TUSA#U015e T#U00dcRK HAVACILIK UZAY SANAY#U0130#U0130_xlsx.exe | malicious | Snake Keylogger, VIP Keylogger | 172.67.177.134
ZzS8KjNjr7.exe | malicious | LummaC, Amadey, LummaC Stealer | 104.21.50.161
Szi2WJUKmv.exe | malicious | LummaC, Amadey, LummaC Stealer | 104.21.50.161
aYxpioi6G3.exe | malicious | LummaC | 172.67.164.37
New xlsx docs074252657723824 - Tuesday, December 3, 2024 at 03_42_05 PM_html | malicious | Unknown | 172.67.142.245
PGkSZbFKmI.exe | malicious | LummaC, Amadey, LummaC Stealer | 104.21.50.161
                                                                                                                                                                                                        No context
Match: C:\Users\user\AppData\Local\Temp\_MEI60482\Pythonwin\mfc140u.dll
Associated Sample Name / URL | Detection | Threat Name
discord.exe | malicious | Unknown
main.exe | malicious | Unknown
zapret.exe | malicious | Unknown
Payload.exe | malicious | Python Stealer, BLX Stealer, XLABB Grabber
Payload.exe | malicious | Python Stealer, BLX Stealer, XLABB Grabber
SecuriteInfo.com.Python.Stealer.1251.9496.6786.exe | malicious | Python Stealer, BLX Stealer, XLABB Grabber
SecuriteInfo.com.Python.Stealer.1251.9496.6786.exe | malicious | Python Stealer, BLX Stealer, XLABB Grabber
SecuriteInfo.com.FileRepMalware.25861.18393.exe | malicious | Unknown
SecuriteInfo.com.FileRepMalware.25861.18393.exe | malicious | Unknown
oconsole.exe | malicious | Unknown

Process: C:\Users\user\Desktop\zapret.exe
File Type: PE32+ executable (DLL) (console) x86-64, for MS Windows
Category: dropped
Size (bytes): 5653536
Entropy (8bit): 6.729079283804055
Encrypted: false
SSDEEP: 49152:ULnsrdZXUTQyJa9qgUUjlQNXkW8GCBTDgHsYogTYn3s3pQMqSj+vTCfEs7ATWYls:UoJUEUYS3zUQFLOAkGkzdnEVomFHKnP+
MD5: CD1D99DF975EE5395174DF834E82B256
SHA1: F395ADA2EFC6433B34D5FBC5948CB47C7073FA43
SHA-256: D8CA1DEA862085F0204680230D29BFF4D168FFF675AB4700EEAF63704D995CB3
SHA-512: 397F725E79CA2C68799CF68DFB111A1570427F3D2175D740758C387BDAA508BC9014613E997B92FC96E884F66BB17F453F8AA035731AFD022D9A4E7095616F87
Malicious: false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:
• Filename: discord.exe, Detection: malicious
• Filename: main.exe, Detection: malicious
• Filename: zapret.exe, Detection: malicious
• Filename: Payload.exe, Detection: malicious
• Filename: Payload.exe, Detection: malicious
• Filename: SecuriteInfo.com.Python.Stealer.1251.9496.6786.exe, Detection: malicious
• Filename: SecuriteInfo.com.Python.Stealer.1251.9496.6786.exe, Detection: malicious
• Filename: SecuriteInfo.com.FileRepMalware.25861.18393.exe, Detection: malicious
• Filename: SecuriteInfo.com.FileRepMalware.25861.18393.exe, Detection: malicious
• Filename: oconsole.exe, Detection: malicious
Reputation: moderate, very likely benign file

Process: C:\Users\user\Desktop\zapret.exe
File Type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category: dropped
Size (bytes): 1142272
Entropy (8bit): 6.044159301267025
Encrypted: false
SSDEEP: 12288:ETqIp0hPXIZSPzQ5u0j1Sn1w0vhYvSZav8pqR4aPFTP86:ETqImIN5pA1BlZZcyal
MD5: 79FF2A54A88364617450A95224BAAFFD
SHA1: BDF9B430C6DC1CC83E4572761A19C0FEC65E7362
SHA-256: 18D37C6FEE55515F9242D31A627671EC4413A428B08A14EA329D8D9B2A54D57F
SHA-512: 7A97A7F0044E74FD6A05451F6CEB68D5E08E1ECE6D6E9BEDAA7D0C4AA2009834C5374E2ADAF66990AD3D7C1BFD21716DAA0AE77412E85532288CFFFEB08169C8
Malicious: false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Reputation: low

Process: C:\Users\user\Desktop\zapret.exe
File Type: PE32+ executable (DLL) (console) x86-64, for MS Windows
Category: dropped
Size (bytes): 97168
Entropy (8bit): 6.424686954579329
Encrypted: false
SSDEEP: 1536:yKHLG4SsAzAvadZw+1Hcx8uIYNUzU6Ha4aecbK/zJZ0/b:yKrfZ+jPYNz6Ha4aecbK/FZK
MD5: A87575E7CF8967E481241F13940EE4F7
SHA1: 879098B8A353A39E16C79E6479195D43CE98629E
SHA-256: DED5ADAA94341E6C62AEA03845762591666381DCA30EB7C17261DD154121B83E
SHA-512: E112F267AE4C9A592D0DD2A19B50187EB13E25F23DED74C2E6CCDE458BCDAEE99F4E3E0A00BAF0E3362167AE7B7FE4F96ECBCD265CC584C1C3A4D1AC316E92F0
Malicious: false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Reputation: moderate, very likely benign file

Process: C:\Users\user\Desktop\zapret.exe
File Type: PE32+ executable (DLL) (console) x86-64, for MS Windows
Category: dropped
Size (bytes): 37240
Entropy (8bit): 6.3017272133584585
Encrypted: false
SSDEEP: 384:5GnvMCmWEyhUcSLt5a9k6KrOE5fY/ntz5txWE6Wc+XfbRuncS74G5WreKWn14gHc:rCm5yhUcwrHY/ntTxT6ovq7nt+dN
MD5: 37C372DA4B1ADB96DC995ECB7E68E465
SHA1: 6C1B6CB92FF76C40C77F86EA9A917A5F854397E2
SHA-256: 1554B5802968FDB2705A67CBB61585E9560B9E429D043A5AA742EF3C9BBFB6BF
SHA-512: 926F081B1678C15DC649D7E53BFBE98E4983C9AD6CCDF11C9383CA1D85F2A7353D5C52BEBF867D6E155FF897F4702FC4DA36A8F4CF76B00CB842152935E319A6
Malicious: false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Reputation: moderate, very likely benign file

Process: C:\Users\user\Desktop\zapret.exe
File Type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category: dropped
Size (bytes): 80112
Entropy (8bit): 6.430958049258642
Encrypted: false
SSDEEP: 1536:/wz7h8B7BjhJCZePYgl/YS8xh2Nv0BIjMVHy:/wz18BrJCJglwlxINv0BIjMV
MD5: E877E39CC3C42ED1F5461E2D5E62FC0F
SHA1: 156F62A163ACA4C5C5F6E8F846A1EDD9B073ED7E
SHA-256: 4B1D29F19ADAF856727FA4A1F50EEE0A86C893038DFBA2E52F26C11AB5B3672F
SHA-512: D6579D07EDE093676CDCA0FB15AA2DE9FCD10FF4675919AB689D961DE113F6543EDBCEECF29430DA3F7121549F5450F4FE43D67B9EAB117E2A7D403F88501D51
Malicious: false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%

Process: C:\Users\user\Desktop\zapret.exe
File Type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category: dropped
Size (bytes): 119024
Entropy (8bit): 5.950384810500538
Encrypted: false
SSDEEP: 3072:1W66GKh4hqyIVQoavMSutBSfrS94eU9x3FIjBPl:86QKtkSubSfrSX4
MD5: C8F57695AF24A4F71DAFA887CE731EBC
SHA1: CC393263BAFCE2A37500E071ACB44F78E3729939
SHA-256: E3B69285F27A8AD97555BEBEA29628A93333DE203EE2FAE95B73B6B6D6C162B1
SHA-512: 44A1FB805D9EF1A2D39B8C7D80F3545E527AB3B6BFC7ABD2F4B610F17C3E6AF2AE1FED3688A7CC93DA06938AE94E5E865B75937352D12F6B3C45E2D24B6AB731
Malicious: false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):247024
                                                                                                                                                                                                                            Entropy (8bit):6.507382866512779
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6144:KPEw6l3ZY3ipYnIq3Ur5gShoaMp9qWMa3pLW1AAl4h2w:lw6lKipSurHhOemh2w
                                                                                                                                                                                                                            MD5:95F1BE8C2D46AA4B5AD13F4FBB228C31
                                                                                                                                                                                                                            SHA1:0B520B00E4FC9347094FCB687C812D01B903E70C
                                                                                                                                                                                                                            SHA-256:F7864B8B37715A87F4F11D5CBFEFD5F1489399E064F7662FA0E0D7C5DF59D5E4
                                                                                                                                                                                                                            SHA-512:B3F6E94B7B4646954AF51DA36A80E0DE3E40C0B674C1ABFE735177635582A33492DAF14F39383644751618C2B1ECF05FF0877EB86BF6C9D5F197A951D596FDDC
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):59120
                                                                                                                                                                                                                            Entropy (8bit):6.086945167584943
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:768:33RNYlTw3glkdw/b2nVnzYtnqLBfVCpYthafS90UZIjYI7vDG4yth:wTRidw/b26nOBfV5hafS7ZIjYIFy
                                                                                                                                                                                                                            MD5:4FB84E5D3F58453D7CCBF7BCC06266A0
                                                                                                                                                                                                                            SHA1:15FD2D345EC3A7F4D337450D4F55D1997FAE0694
                                                                                                                                                                                                                            SHA-256:DF47255C100D9CC033A14C7D60051ABE89C24DA9C60362FE33CDF24C19651F7C
                                                                                                                                                                                                                            SHA-512:1CA574E9E58CED8D4B2A87A119A2DB9874CD1F6CEDEF5D7CBF49ABF324FB0D9FB89D8AAC7E7DFEFBEB00F6834719ED55110BCB36056E0DF08B36576FFD4DB84C
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):153328
                                                                                                                                                                                                                            Entropy (8bit):6.798408534093874
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3072:FD6xBrqs+vs0H0q8bnpbVZbXsAIcznfo9mNof5vSpFpBIjD1:FD63rcRLCV+SwYOf507
                                                                                                                                                                                                                            MD5:80DA699F55CA8ED4DF2D154F17A08583
                                                                                                                                                                                                                            SHA1:FBD6C7F3C72A6BA4185394209E80373177C2F8D7
                                                                                                                                                                                                                            SHA-256:2E3FD65C4E02C99A61344CE59E09EC7FDE74C671DB5F82A891732E1140910F20
                                                                                                                                                                                                                            SHA-512:15EA7CD4075940096A4AB66778A0320964562AA4AE2F6E1ACBE173CD5DA8855977C66F019FD343CFE8DACC3E410EDF933BCE117A4E9B542182BAD3023805FD44
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):26856
                                                                                                                                                                                                                            Entropy (8bit):6.1823978416668455
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:384:ysfqkQfdUCUFYS9F6X06rE7SSVYptnHbFIjmUvDG4y8OZZ4h7n:yzdUC+F6rE7SSVY7FIjmUvDG4yf6h7
                                                                                                                                                                                                                            MD5:7E7D6DA688789AA48094EDA82BE671B7
                                                                                                                                                                                                                            SHA1:7BF245F638E549D32957A91E17FCB66DA5B00A31
                                                                                                                                                                                                                            SHA-256:9AD5BCF2A88E1FFFF3B8EE29235DC92CE48B7FCA4655E87CB6E4D71BD1150AFB
                                                                                                                                                                                                                            SHA-512:D4C722E741474FE430DD6B6BD5C76367CC01AE4331720D17ED37074AD10493CC96EB717F64E1451E856C863FBB886BDC761D5A2767548874BA67EABF57AC89BD
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):74480
                                                                                                                                                                                                                            Entropy (8bit):6.115609697426734
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:1536:7mtvsZWgzruIAt9/s+S+pz6c/+lVFIjBwYyV:a5IJzrAt9/sT+pz6c/SVFIjBw
                                                                                                                                                                                                                            MD5:7F25AB4019E6C759FC77383F523EF9AF
                                                                                                                                                                                                                            SHA1:5E6748CE7F6753195117FDC2820996B49FD8D3AF
                                                                                                                                                                                                                            SHA-256:D0497B79345B2C255F6274BAEA6AC44B74F345E111AB25BF6C91AF9B2A3F3B95
                                                                                                                                                                                                                            SHA-512:A179B22C61F661E4D9B17F56B6A7F66F2D8D8E1D2A9A8ACA3C4D6A9CB7755CE6D223BFBCA817C1098692A39B6FC20FFBDACEFD9BFB47FF02FFA47BADCA437514
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):155888
                                                                                                                                                                                                                            Entropy (8bit):5.9267866538347596
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3072:3MYNRsSzeOfeC1uHv8MmTuzBTvh8VGH70NmHh4kwooSLteSdo9dBIjM7:3MYjPzeOfeYMvuuzcVADtho9d
                                                                                                                                                                                                                            MD5:CF2F95ECF1A72F8670177C081EEDEB04
                                                                                                                                                                                                                            SHA1:6652F432C86718FED9A83BE93E66EA5755986709
                                                                                                                                                                                                                            SHA-256:BA6025AB22D8E6C5AD53C66DC919F219A542E87540502905609B33DC0A8DDDD8
                                                                                                                                                                                                                            SHA-512:7E5DF920F6ACB671E78078E9C4FA3278AE838EA6BEF49C0AE44DE6A79923A3D7BCCF0FB3F0E477CA5092E23450494DEE265D8735B24D8026456E1328F6FE8B2E
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):20720
                                                                                                                                                                                                                            Entropy (8bit):6.176378811651125
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:192:2D/FdzSA+BW0aNBE/NDyPHFK0HDLlXKgOBIjDwJPDWpH4yhS/97HJv5pyBZH8ZX:kvEaNKFDyNnlXK5BIjDwJPDG4y8zUh
                                                                                                                                                                                                                            MD5:E40FD3E717AC6EDBB4238BBF9AFA7362
                                                                                                                                                                                                                            SHA1:C4AE109B8CB3DC91CFB7DA8E33BB0EF4B1C07A93
                                                                                                                                                                                                                            SHA-256:FE822F84185005B2F84189B51226A3591693EC7C936C2FC009139C36493F4CD8
                                                                                                                                                                                                                            SHA-512:730BD359A04F3BAE3BE70B5833AD8147F91DF9071B007BD9BFBD09EA332C685C1CE886B955FFC4801FF1AB7FA3354EEE3159A9D8ED0D6466E713992BE1327C6E
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                                                            File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):879278
                                                                                                                                                                                                                            Entropy (8bit):5.683530651321781
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:12288:OVghgApCWymC6Shc1TBA4a2YcsduVwOsfJEw4W0SaMNN:OVghoVmhLa2PLVwOsfJEw4vMNN
                                                                                                                                                                                                                            MD5:5E0227944397E9075E254FE03249E61A
                                                                                                                                                                                                                            SHA1:01C3AB9740C31ED29A09B29F1EA3A0FCC6B3B08B
                                                                                                                                                                                                                            SHA-256:94085E85495CC0FDF278071BB80B230F8D1CFCAC87189FE0A85581B77E876D95
                                                                                                                                                                                                                            SHA-512:1ACBC098A89602C5D851F9421DC616F15B2026A78F78E7215C121FEFB5A815A6CE89914ECDBD4330E04158B008D34B295B2CF1E3666D7878E5BEBD4DCD76CEB3
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):299427
                                                                                                                                                                                                                            Entropy (8bit):6.047872935262006
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6144:QW1x/M8fRR1jplkXURrVADwYCuCigT/QRSRqNb7d8iu5Nahx:QWb/TRJLWURrI5RWavdF08/
                                                                                                                                                                                                                            MD5:50EA156B773E8803F6C1FE712F746CBA
                                                                                                                                                                                                                            SHA1:2C68212E96605210EDDF740291862BDF59398AEF
                                                                                                                                                                                                                            SHA-256:94EDEB66E91774FCAE93A05650914E29096259A5C7E871A1F65D461AB5201B47
                                                                                                                                                                                                                            SHA-512:01ED2E7177A99E6CB3FBEF815321B6FA036AD14A3F93499F2CB5B0DAE5B713FD2E6955AA05F6BDA11D80E9E0275040005E5B7D616959B28EFC62ABB43A3238F0
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):10752
                                                                                                                                                                                                                            Entropy (8bit):4.82516630102953
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:96:700fK74ACb0xx2uKynu10YLsgxwJiUNiL0U5IZsJFPGDtCFOCQAASmHcX6g8H4ao:QFCk2z1/t12iwU5usJFqCyVcqgg
                                                                                                                                                                                                                            MD5:F4F7F634791F26FC62973350D5F89D9A
                                                                                                                                                                                                                            SHA1:6BE643BD21C74ED055B5A1B939B1F64B055D4673
                                                                                                                                                                                                                            SHA-256:45A043C4B7C6556F2ACFC827F2FF379365088C3479E8EE80C7F0A2CEB858DCC6
                                                                                                                                                                                                                            SHA-512:4325807865A76427D05039A2922F853287D420BCEBDA81F63A95BF58502E7DA0489060C4B6F6FFD65AA294E1E1C1F64560ADD5F024355922103C88B2CF1FD79B
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):122368
                                                                                                                                                                                                                            Entropy (8bit):5.903697891709302
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:1536:5ewkbk74PoxchHGTm/SCtg5MbfFPjPNoSLn2dkp2A/2pQKP:5endPox6HGTOLtg6bfFhDLkkCpQK
                                                                                                                                                                                                                            MD5:47EE4516407B6DE6593A4996C3AE35E0
                                                                                                                                                                                                                            SHA1:293224606B31E45B10FB67E997420844AE3FE904
                                                                                                                                                                                                                            SHA-256:F646C3B72B5E7C085A66B4844B5AD7A9A4511D61B2D74153479B32C7AE0B1A4C
                                                                                                                                                                                                                            SHA-512:EFA245C6DB2AEE2D9DB7F99E33339420E54F371A17AF0CF7694DAF51D45AEBFBAC91FC52DDB7C53E9FC73B43C67D8D0A2CAA15104318E392C8987A0DAD647B81
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):3429624
                                                                                                                                                                                                                            Entropy (8bit):6.093870626224665
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:49152:6uTKuk2i4IU6ixsOjPWJJrf129Pr1+leV6E3AH/vgpdbZ/NPL0asQa1CPwDv3uF3:6XH+n9Z+1obZ/10asv1CPwDv3uFfJLx
                                                                                                                                                                                                                            MD5:63C4F445B6998E63A1414F5765C18217
                                                                                                                                                                                                                            SHA1:8C1AC1B4290B122E62F706F7434517077974F40E
                                                                                                                                                                                                                            SHA-256:664C3E52F914E351BB8A66CE2465EE0D40ACAB1D2A6B3167AE6ACF6F1D1724D2
                                                                                                                                                                                                                            SHA-512:AA7BDB3C5BC8AEEFBAD70D785F2468ACBB88EF6E6CAC175DA765647030734453A2836F9658DC7CE33F6FFF0DE85CB701C825EF5C04018D79FA1953C8EF946AFD
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):32792
                                                                                                                                                                                                                            Entropy (8bit):6.3566777719925565
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:384:2nypDwZH1XYEMXvdQOsNFYzsQDELCvURDa7qscTHstU0NsICwHLZxXYIoBneEAR8:2l0Vn5Q28J8qsqMttktDxOpWDG4yKRF
                                                                                                                                                                                                                            MD5:EEF7981412BE8EA459064D3090F4B3AA
                                                                                                                                                                                                                            SHA1:C60DA4830CE27AFC234B3C3014C583F7F0A5A925
                                                                                                                                                                                                                            SHA-256:F60DD9F2FCBD495674DFC1555EFFB710EB081FC7D4CAE5FA58C438AB50405081
                                                                                                                                                                                                                            SHA-512:DC9FF4202F74A13CA9949A123DFF4C0223DA969F49E9348FEAF93DA4470F7BE82CFA1D392566EAAA836D77DDE7193FED15A8395509F72A0E9F97C66C0A096016
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):695032
                                                                                                                                                                                                                            Entropy (8bit):5.528361289023932
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:12288:EwIGh2Hjnl6uk51iNXuAX7TBElV57sldbeMR29XxSNreSZYrRnU2lvzsT:Uk51iNZyMR+keSZ6U2lvzsT
                                                                                                                                                                                                                            MD5:BD857F444EBBF147A8FCD1215EFE79FC
                                                                                                                                                                                                                            SHA1:1550E0D241C27F41C63F197B1BD669591A20C15B
                                                                                                                                                                                                                            SHA-256:B7C0E42C1A60A2A062B899C8D4EBD0C50EF956177BA21785CE07C517C143AEAF
                                                                                                                                                                                                                            SHA-512:2B85C1521EDEADF7E118610D6546FAFBBAD43C288A7F0F9D38D97C4423A541DFAC686634CDE956812916830FBB4AAD8351A23D95CD490C4A5C0F628244D30F0A
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):67072
                                                                                                                                                                                                                            Entropy (8bit):5.909456553599775
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:1536:j3sHmR02IvVxv7WCyKm7c5Th4JBHTOvyyaZE:jnIvryCyKx5Th4J5OvyyO
                                                                                                                                                                                                                            MD5:49AC12A1F10AB93FAFAB064FD0523A63
                                                                                                                                                                                                                            SHA1:3AD6923AB0FB5D3DD9D22ED077DB15B42C2FBD4F
                                                                                                                                                                                                                            SHA-256:BA033B79E858DBFCBA6BF8FB5AFE10DEFD1CB03957DBBC68E8E62E4DE6DF492D
                                                                                                                                                                                                                            SHA-512:1BC0F50E0BB0A9D9DDDAD31390E5C73B0D11C2B0A8C5462065D477E93FF21F7EDC7AA2B2B36E478BE0A797A38F43E3FBEB6AAABEF0BADEC1D8D16EB73DF67255
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):632832
                                                                                                                                                                                                                            Entropy (8bit):6.201081085978214
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:12288:o324+uMvAgD0Tctjdcg7fUoPJpmm7nEQKDI4L:WXctjdcg7fUoPJpmm7nR
                                                                                                                                                                                                                            MD5:1364D866424B52AA63B19361A5FC1900
                                                                                                                                                                                                                            SHA1:295ED5DBDB19C5753879190CE23414F0D7C9492D
                                                                                                                                                                                                                            SHA-256:9061EB7E964FF55DDAD25689A207A4CD99E60ADEB734D3665664FB1CA5972C92
                                                                                                                                                                                                                            SHA-512:C9BE2D592BB2F3248BB229233997A9604319C8021B99CB19D88B27D7D95814EBEAFBB916105F3845D89E719A6A25D82D0AA31D253C0A0AA4C39939703F7CD613
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):61680
                                                                                                                                                                                                                            Entropy (8bit):5.923125956498207
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:768:ub8LeBLeeFtp5V1BfO2yvSk70QZF1nEyjnskQkr/RFB1qucwdBeCw0myou6ZwJqj:ubwewnvtjnsfwQFIjB0Sy
                                                                                                                                                                                                                            MD5:64A9384C6B329FB089E4D1657A06B175
                                                                                                                                                                                                                            SHA1:BA0E6FCC3B1406356A40B9D8577B2E7CE69C4AEA
                                                                                                                                                                                                                            SHA-256:EC655CC34819D6A9677C0541FD7E7B2B8A92804E8BF73AEE692A9C44D1A24B5D
                                                                                                                                                                                                                            SHA-512:9593D38ABFD46BB94409838DD9CBE603FBE154FA0043959512AFC264DCEEC50D846EEFA409BCF9936EE1A7C7313604A578B4051EB6FD6918F2BEB0DA6C8EE532
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):4471024
                                                                                                                                                                                                                            Entropy (8bit):6.4570242533143904
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:49152:ap5nee18PwNpD10kamVxr3L8rVcTVNs8lPmARWnhF8eI/21eN7ocLlIk80HLBMZZ:ameTRdFLUS2AlFWkJHNMZINh
                                                                                                                                                                                                                            MD5:316CE972B0104D68847AB38ABA3DE06A
                                                                                                                                                                                                                            SHA1:CA1E227FD7F1CFB1382102320DADEF683213024B
                                                                                                                                                                                                                            SHA-256:34F0E44A0D089587E1EA48C1CC4C3164A1819C6DB27A7C1B746AF46D6388C26E
                                                                                                                                                                                                                            SHA-512:A11DA6590A71D977C62B1C26C275763413F6A455E6D85FA052654D05D845DBBE8122BBD8E0A23887F9873D4291382EBBD5DF19674AD2DDA1CF0FF3206054939B
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):669184
                                                                                                                                                                                                                            Entropy (8bit):6.038501106256027
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:12288:Z0t/kfQ/Uylo3H6J6vEGOIWGe3PVpdYqWMA:6t/kf1ylo33vp9KPFP
                                                                                                                                                                                                                            MD5:3B8B8691D5E5E80F54548A7E210D4339
                                                                                                                                                                                                                            SHA1:064C6BCDFAEF6662F3C1B243C1AA9AA8DAB520BB
                                                                                                                                                                                                                            SHA-256:007DF83330975B9A70F1700CC6DF11286D14D06987BE75D4B0B05452CB7B84F1
                                                                                                                                                                                                                            SHA-512:BA67915000A00B4A56F34A5035863228F3253004BB8B669DFF08848483D8D05CCE41E535A7142C18620E4F9F7BA85DA19F965D1B67DEC2B64F6296F34DD06638
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):134656
                                                                                                                                                                                                                            Entropy (8bit):5.995301814533339
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3072:MBdf5t5cspEpc/1utS9DNbtt1Y/r06Yrmu30mpEGNwX9iuu:MBdf5t5c/pW7nY/rk6y0mpEowX9i
                                                                                                                                                                                                                            MD5:C873CF87068A45FB47993AF23D8A3E12
                                                                                                                                                                                                                            SHA1:96A26436F22E3431D25661CEA7E5C2BCF3C7EE51
                                                                                                                                                                                                                            SHA-256:3813FC39304F64101E99F2C5378C0A72B784EFCAEA695FFEEDE5FF6EA06F097B
                                                                                                                                                                                                                            SHA-512:95975E39ECD6C60FFE0B973BAB9B5AE8C7B129EEDCEBCFE142EE2550C11385388CBCAFBF3CAA055E0A521D322948476C736FEDD473EB0C9BB5B3FCF4CEF311BD
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):25320
                                                                                                                                                                                                                            Entropy (8bit):6.263553120406061
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:384:OPjk/7e12hwheC9HqzYBsVhzFIjmGWDG4y8DiVhFC:kUC2hwhJHqsYpFIjmGWDG4ybVh4
                                                                                                                                                                                                                            MD5:589F030C0BAA8C47F7F8082A92B834F5
                                                                                                                                                                                                                            SHA1:6C0F575C0556B41E35E7272F0F858DCF90C192A7
                                                                                                                                                                                                                            SHA-256:B9EF1709ED4CD0FD72E4C4BA9B7702CB79D1619C11554EA06277F3DAC21BD010
                                                                                                                                                                                                                            SHA-512:6761C0E191795F504FC2D63FD866654869D8819C101DE51DF78FF071A8985541EEC9A9659626DFCB31024D25FD47EFF42CAA2AE85CC0DEB8A11113675FAC8500
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1117936
                                                                                                                                                                                                                            Entropy (8bit):5.373590441522219
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:12288:zrlBMmuZ63NIQCb5Pfhnzr0ql8L8kdM7IRG5eeme6VZyrIBHdQLhfFE+uOL:vlBuzZV0m81MMREtV6Vo4uYOL
                                                                                                                                                                                                                            MD5:ABABF276D726328CA9A289F612F6904C
                                                                                                                                                                                                                            SHA1:32E6FC81F1D0CD3B7D2459E0AA053C0711466F84
                                                                                                                                                                                                                            SHA-256:89C93A672B649CD1E296499333DF5B3D9BA2FD28F9280233B56441C69C126631
                                                                                                                                                                                                                            SHA-512:6D18B28FB53FFE2EEBD2C5487B61F5586D693D69DD1693D3B14FB47CA0CD830E2BD60F8118693C2FF2DCB3995BBFCC703B6E3067E6B80E82B6F4666CA2A9C2CA
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):14848
                                                                                                                                                                                                                            Entropy (8bit):5.113940315233747
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:192:RCm72PEO1jIUs0YqEcPbF55UgCWV4rofnDPQRD015dHvcqvn7ycIt/F/:RardA0Bzx14r6nDqCdhv+N/
                                                                                                                                                                                                                            MD5:587C3A0118B8F7C92C6D66639A6D6815
                                                                                                                                                                                                                            SHA1:4BF1F9B0F66BF0C9814B8355675E305959FFDE78
                                                                                                                                                                                                                            SHA-256:8776152A8BC78F7D241788C2E31172814604ED88DC5FA7D10F7A5F649EF2AAAF
                                                                                                                                                                                                                            SHA-512:0325611B4C17DFB4FC3E77D7CF4C0F394C1AA9420E70A6F8F0605D9B7C3FA3C34CE9142479A73FA111946D18ED1E0A9EE00E1378DDDED34D32F9CBDB2E0D738D
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):132608
                                                                                                                                                                                                                            Entropy (8bit):5.862449818315769
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3072:z3/yGM9FDwORzlpKHiG4jNvZNWlRVFhLaNzvqqQvmuquXRPDwle:D6J9pNRznKCG6NRIlRVgvqqQ4uXRP
                                                                                                                                                                                                                            MD5:70F81DEC61A66E7656916034EEB53654
                                                                                                                                                                                                                            SHA1:8739E1BF230B9834649F4DC45C4C42B49F96E5E2
                                                                                                                                                                                                                            SHA-256:250CAC5963EB40FC9DFCB1205D9D3CA3E7A0E49C5863B7736D8D4DCB75E3E45E
                                                                                                                                                                                                                            SHA-512:39C72DAACECB54BE8E8088038CA9A1629356C6E4B5D723CC2C01E987C848AF97A762A5B16E5020D8BD0FC0B98D0B899621EE9DC3B86A99A45FA537FE1D3AC117
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):23552
                                                                                                                                                                                                                            Entropy (8bit):5.278083154463425
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:384:4eeH8ZmV+zknwMswDuVQO0T8Dmwel2/QE9BfEA45yn9uku1B+:E+zi/uVQZQ/QE9dcUiB
                                                                                                                                                                                                                            MD5:A9FA0D374A60D11D2C787A2E6BFC975D
                                                                                                                                                                                                                            SHA1:1D085C6242C9E56ED05E27355B4444979A2C56CD
                                                                                                                                                                                                                            SHA-256:48F49C4B575042A5BE98A7291CE91FE56B89B368608E6B12DACA3A6F9CB2DD55
                                                                                                                                                                                                                            SHA-512:52EF5B9D9AAC9D511A2DDF87F4E213877A7C01241A67A09FDC8AE572DB2BCFAC86692D1EF22D29D1ED469A1251F139B74FAF998A1D801925099F296C8368B2A0
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):4
                                                                                                                                                                                                                            Entropy (8bit):2.0
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:qn:qn
                                                                                                                                                                                                                            MD5:3F1D1D8D87177D3D8D897D7E421F84D6
                                                                                                                                                                                                                            SHA1:DD082D742A5CB751290F1DB2BD519C286AA86D95
                                                                                                                                                                                                                            SHA-256:F02285FB90ED8C81531FE78CF4E2ABB68A62BE73EE7D317623E2C3E3AEFDFFF2
                                                                                                                                                                                                                            SHA-512:2AE2B3936F31756332CA7A4B877D18F3FCC50E41E9472B5CD45A70BEA82E29A0FA956EE6A9EE0E02F23D9DB56B41D19CB51D88AAC06E9C923A820A21023752A9
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:blat
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):176
                                                                                                                                                                                                                            Entropy (8bit):4.713840781302666
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:S3yE25MOWrYXtHVE/DRFrgm5/gvJgXDLAUDA+ERo6+aEYqVS1f6gq1WGgVSBn:S3mSOWWHVUDjrgmxgRgzLXDA6Va8VeuR
                                                                                                                                                                                                                            MD5:8C7CA775CF482C6027B4A2D3DB0F6A31
                                                                                                                                                                                                                            SHA1:E3596A87DD6E81BA7CF43B0E8E80DA5BC823EA1A
                                                                                                                                                                                                                            SHA-256:52C72CF96B12AE74D84F6C049775DA045FAE47C007DC834CA4DAC607B6F518EA
                                                                                                                                                                                                                            SHA-512:19C7D229723249885B125121B3CC86E8C571360C1FB7F2AF92B251E6354A297B4C2B9A28E708F2394CA58C35B20987F8B65D9BD6543370F063BBD59DB4A186AC
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:# Generated file - this directory may be deleted to reset the COM cache.....import win32com..if __path__[:-1] != win32com.__gen_path__: __path__.append(win32com.__gen_path__)..
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):10
                                                                                                                                                                                                                            Entropy (8bit):2.7219280948873625
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:qW6:qW6
                                                                                                                                                                                                                            MD5:2C7344F3031A5107275CE84AED227411
                                                                                                                                                                                                                            SHA1:68ACAD72A154CBE8B2D597655FF84FD31D57C43B
                                                                                                                                                                                                                            SHA-256:83CDA9FECC9C008B22C0C8E58CBCBFA577A3EF8EE9B2F983ED4A8659596D5C11
                                                                                                                                                                                                                            SHA-512:F58362C70A2017875D231831AE5868DF22D0017B00098A28AACB5753432E8C4267AA7CBF6C5680FEB2DC9B7ABADE5654C3651685167CC26AA208A9EB71528BB6
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:..K....}..
                                                                                                                                                                                                                            File type:PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                            Entropy (8bit):7.996235926827306
                                                                                                                                                                                                                            TrID:
                                                                                                                                                                                                                            • Win64 Executable (generic) (12005/4) 74.95%
                                                                                                                                                                                                                            • Generic Win/DOS Executable (2004/3) 12.51%
                                                                                                                                                                                                                            • DOS Executable Generic (2002/1) 12.50%
                                                                                                                                                                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.04%
                                                                                                                                                                                                                            File name:zapret.exe
                                                                                                                                                                                                                            File size:10'527'204 bytes
                                                                                                                                                                                                                            MD5:ff130e918b140be5b7a4fe668950f220
                                                                                                                                                                                                                            SHA1:99a24e8d484d9b1d1b16ef535a372613ac0ca9b7
                                                                                                                                                                                                                            SHA256:c5e5e5439c6d507f2614f25403ed97f90240f07bb444d13a0a63ab31f2470fef
                                                                                                                                                                                                                            SHA512:76b41a6618f8f1d47bd38bf3fc17e45b0664d8672e20bd889f21b9c6d1a92f77f5d77782f37c072fc7e0edf493e60f1a4443f7fecbddb35b00a48e8f341e9b83
                                                                                                                                                                                                                            SSDEEP:196608:YV1Z2azjvj8p5drY+1LaWVh2ZqICteEroXxyNE+sKsXXgfntkKleX8FwGhUL:YVlj87duGInEroXesKkXgGspB
                                                                                                                                                                                                                            TLSH:0AB63320D3E1508DE5AB6A34C1B5CAA03870FC765BA1D46D475D83B97BCB6E1AFF1880
                                                                                                                                                                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...56Zg.L.............(.....>... .............@....................................$D....`................................
                                                                                                                                                                                                                            Icon Hash:4a464cd47461e179
                                                                                                                                                                                                                            Entrypoint:0x1400010f6
                                                                                                                                                                                                                            Entrypoint Section:.text
                                                                                                                                                                                                                            Digitally signed:false
                                                                                                                                                                                                                            Imagebase:0x140000000
                                                                                                                                                                                                                            Subsystem:windows gui
                                                                                                                                                                                                                            Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, DEBUG_STRIPPED
                                                                                                                                                                                                                            DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
                                                                                                                                                                                                                            Time Stamp:0x675A3635 [Thu Dec 12 01:02:45 2024 UTC]
                                                                                                                                                                                                                            TLS Callbacks:0x4000d900, 0x1, 0x4000d9c0, 0x1
                                                                                                                                                                                                                            CLR (.Net) Version:
                                                                                                                                                                                                                            OS Version Major:4
                                                                                                                                                                                                                            OS Version Minor:0
                                                                                                                                                                                                                            File Version Major:4
                                                                                                                                                                                                                            File Version Minor:0
                                                                                                                                                                                                                            Subsystem Version Major:4
                                                                                                                                                                                                                            Subsystem Version Minor:0
                                                                                                                                                                                                                            Import Hash:cf8ad0ecdb3ba4aa29003f793248ec72

Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x29000 | 0x15fc | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x2d000 | 0xf41c | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x25000 | 0xf84 | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x3d000 | 0x13c | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x20aa0 | 0x28 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x29580 | 0x4f0 | .idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x18288 | 0x18400 | 9c2596c0592ccc58164011da4a9a4dcb | False | 0.4415572648195876 | data | 6.157251229623974 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data | 0x1a000 | 0x150 | 0x200 | 1f4507ce14f5b191ac58401f2a214607 | False | 0.189453125 | data | 1.3808733002905107 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata | 0x1b000 | 0x8240 | 0x8400 | 794cad6ae32dc4a21569ba42e251687c | False | 0.47502367424242425 | data | 6.53189637069924 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
/4 | 0x24000 | 0x4 | 0x200 | bf619eac0cdf3f68d496ea9344137e8b | False | 0.02734375 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x25000 | 0xf84 | 0x1000 | a3f39c632cda478403b28117d90d55ac | False | 0.472900390625 | data | 5.053753639531579 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.xdata | 0x26000 | 0xfd4 | 0x1000 | a79bae400f768025896b6ae65f75d76f | False | 0.253173828125 | shared library | 4.373062033181509 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.bss | 0x27000 | 0x1ed0 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata | 0x29000 | 0x15fc | 0x1600 | 784cf13538071a0d21100682f50e9e8d | False | 0.33203125 | data | 4.563031060063162 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.CRT | 0x2b000 | 0x60 | 0x200 | b2a3077f13c238ee9d4c75195b625433 | False | 0.06640625 | data | 0.26625055731160896 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls | 0x2c000 | 0x10 | 0x200 | bf619eac0cdf3f68d496ea9344137e8b | False | 0.02734375 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x2d000 | 0xf41c | 0xf600 | 4c8f6d330806f9f4616d141f80690999 | False | 0.8030678353658537 | data | 7.55489091318796 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x3d000 | 0x13c | 0x200 | 484e5780829af3e901d85f83ce6155e3 | False | 0.490234375 | data | 3.5778946471700066 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x2d208 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | | | 0.585820895522388
RT_ICON | 0x2e0b0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | | | 0.7360108303249098
RT_ICON | 0x2e958 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | | | 0.755057803468208
RT_ICON | 0x2eec0 | 0x952c | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9975384937676757
RT_ICON | 0x383ec | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | | | 0.3887966804979253
RT_ICON | 0x3a994 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | | | 0.49530956848030017
RT_ICON | 0x3ba3c | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | | | 0.7207446808510638
RT_GROUP_ICON | 0x3bea4 | 0x68 | data | | | 0.7019230769230769
RT_MANIFEST | 0x3bf0c | 0x50d | XML 1.0 document, ASCII text | | | 0.4694508894044857

DLL | Import
ADVAPI32.dll | ConvertSidToStringSidW, ConvertStringSecurityDescriptorToSecurityDescriptorW, GetTokenInformation, OpenProcessToken
COMCTL32.dll | LoadIconMetric
GDI32.dll | CreateFontIndirectW, DeleteObject, SelectObject
KERNEL32.dll | CloseHandle, CreateDirectoryW, CreateProcessW, CreateSymbolicLinkW, DeleteCriticalSection, EnterCriticalSection, ExpandEnvironmentStringsW, FindClose, FindFirstFileExW, FormatMessageW, FreeLibrary, GetCommandLineW, GetCurrentProcess, GetEnvironmentVariableW, GetExitCodeProcess, GetLastError, GetModuleFileNameW, GetModuleHandleA, GetModuleHandleW, GetProcAddress, GetStartupInfoW, GetTempPathW, InitializeCriticalSection, IsDBCSLeadByteEx, LeaveCriticalSection, LoadLibraryA, LoadLibraryExW, LocalFree, MulDiv, MultiByteToWideChar, SetConsoleCtrlHandler, SetDllDirectoryW, SetEnvironmentVariableW, SetUnhandledExceptionFilter, Sleep, TlsGetValue, VirtualProtect, VirtualQuery, WaitForSingleObject, WideCharToMultiByte, __C_specific_handler
msvcrt.dll | ___lc_codepage_func, ___mb_cur_max_func, __argc, __iob_func, __set_app_type, __setusermatherr, __wargv, __wgetmainargs, __winitenv, _amsg_exit, _cexit, _commode, _errno, _filelengthi64, _fileno, _findclose, _fileno, _fmode, _get_osfhandle, _getpid, _initterm, _lock, _onexit, _snwprintf, _stat64, _strdup, _unlock, _wcmdln, _wcsdup, _wcsdup, _wfindfirst64, _wfindnext64, _wfopen, _wfullpath, _wputenv_s, _wremove, _wrmdir, _wstat64, _wtempnam, abort, calloc, clearerr, exit, fclose, feof, ferror, fflush, fgetpos, fprintf, fputc, fputwc, fread, free, fsetpos, fwprintf, fwrite, iswctype, localeconv, malloc, mbstowcs, memcmp, memcpy, memset, perror, realloc, setlocale, signal, strcat, strchr, strcmp, strcpy, strerror, strlen, strncat, strncmp, strncpy, strtok, strtoul, vfprintf, wcscat, wcschr, wcscmp, wcscpy, wcslen, wcsncpy, wcstombs
USER32.dll | CreateWindowExW, DestroyIcon, DialogBoxIndirectParamW, DrawTextW, EndDialog, GetClientRect, GetDC, GetDialogBaseUnits, GetWindowLongPtrW, InvalidateRect, MessageBoxA, MessageBoxW, MoveWindow, ReleaseDC, SendMessageW, SetWindowLongPtrW, SystemParametersInfoW

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 12, 2024 16:19:03.973503113 CET | 49705 | 443 | 192.168.2.5 | 104.26.12.205
Dec 12, 2024 16:19:03.973548889 CET | 443 | 49705 | 104.26.12.205 | 192.168.2.5
Dec 12, 2024 16:19:03.973633051 CET | 49705 | 443 | 192.168.2.5 | 104.26.12.205
Dec 12, 2024 16:19:03.974443913 CET | 49705 | 443 | 192.168.2.5 | 104.26.12.205
Dec 12, 2024 16:19:03.974457026 CET | 443 | 49705 | 104.26.12.205 | 192.168.2.5
Dec 12, 2024 16:19:05.200443983 CET | 443 | 49705 | 104.26.12.205 | 192.168.2.5
Dec 12, 2024 16:19:05.201116085 CET | 49705 | 443 | 192.168.2.5 | 104.26.12.205
Dec 12, 2024 16:19:05.201154947 CET | 443 | 49705 | 104.26.12.205 | 192.168.2.5
Dec 12, 2024 16:19:05.202312946 CET | 443 | 49705 | 104.26.12.205 | 192.168.2.5
Dec 12, 2024 16:19:05.202393055 CET | 49705 | 443 | 192.168.2.5 | 104.26.12.205
Dec 12, 2024 16:19:05.202972889 CET | 49705 | 443 | 192.168.2.5 | 104.26.12.205
Dec 12, 2024 16:19:05.203116894 CET | 49705 | 443 | 192.168.2.5 | 104.26.12.205

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 12, 2024 16:19:03.830439091 CET | 63180 | 53 | 192.168.2.5 | 1.1.1.1
Dec 12, 2024 16:19:03.969192028 CET | 53 | 63180 | 1.1.1.1 | 192.168.2.5

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 12, 2024 16:19:03.830439091 CET | 192.168.2.5 | 1.1.1.1 | 0xca31 | Standard query (0) | api.ipify.org | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 12, 2024 16:19:03.969192028 CET | 1.1.1.1 | 192.168.2.5 | 0xca31 | No error (0) | api.ipify.org | | 104.26.12.205 | A (IP address) | IN (0x0001) | false
Dec 12, 2024 16:19:03.969192028 CET | 1.1.1.1 | 192.168.2.5 | 0xca31 | No error (0) | api.ipify.org | | 172.67.74.152 | A (IP address) | IN (0x0001) | false
Dec 12, 2024 16:19:03.969192028 CET | 1.1.1.1 | 192.168.2.5 | 0xca31 | No error (0) | api.ipify.org | | 104.26.13.205 | A (IP address) | IN (0x0001) | false

                                                                                                                                                                                                                            Target ID:0
                                                                                                                                                                                                                            Start time:10:19:00
                                                                                                                                                                                                                            Start date:12/12/2024
                                                                                                                                                                                                                            Path:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                            Commandline:"C:\Users\user\Desktop\zapret.exe"
                                                                                                                                                                                                                            Imagebase:0x7ff6dff70000
                                                                                                                                                                                                                            File size:10'527'204 bytes
                                                                                                                                                                                                                            MD5 hash:FF130E918B140BE5B7A4FE668950F220
                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                            Target ID:2
                                                                                                                                                                                                                            Start time:10:19:01
                                                                                                                                                                                                                            Start date:12/12/2024
                                                                                                                                                                                                                            Path:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                            Commandline:"C:\Users\user\Desktop\zapret.exe"
                                                                                                                                                                                                                            Imagebase:0x7ff6dff70000
                                                                                                                                                                                                                            File size:10'527'204 bytes
                                                                                                                                                                                                                            MD5 hash:FF130E918B140BE5B7A4FE668950F220
                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Yara matches:
                                                                                                                                                                                                                            • Rule: JoeSecurity_AntiVM_5, Description: Yara detected AntiVM_5, Source: 00000002.00000002.2091115283.00000193E30E0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                              Execution Graph

                                                                                                                                                                                                                              Execution Coverage:5.9%
                                                                                                                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                              Signature Coverage:17.9%
                                                                                                                                                                                                                              Total number of Nodes:1170
                                                                                                                                                                                                                              Total number of Limit Nodes:11
10567->10568 10568->10620 10573 7ff6dff72e70 10 API calls 10569->10573 10571 7ff6dff75b2d GetProcAddress 10570->10571 10572 7ff6dff75f60 10570->10572 10574 7ff6dff75f48 10571->10574 10575 7ff6dff75b49 GetProcAddress 10571->10575 10576 7ff6dff72e70 10 API calls 10572->10576 10573->10620 10577 7ff6dff72e70 10 API calls 10574->10577 10578 7ff6dff75b65 GetProcAddress 10575->10578 10579 7ff6dff75ff0 10575->10579 10576->10620 10577->10620 10580 7ff6dff75fd8 10578->10580 10581 7ff6dff75b81 GetProcAddress 10578->10581 10582 7ff6dff72e70 10 API calls 10579->10582 10583 7ff6dff72e70 10 API calls 10580->10583 10584 7ff6dff75b9d GetProcAddress 10581->10584 10585 7ff6dff75fc0 10581->10585 10582->10620 10583->10620 10587 7ff6dff75fa8 10584->10587 10588 7ff6dff75bb9 GetProcAddress 10584->10588 10586 7ff6dff72e70 10 API calls 10585->10586 10586->10620 10589 7ff6dff72e70 10 API calls 10587->10589 10590 7ff6dff75bd5 GetProcAddress 10588->10590 10591 7ff6dff76020 10588->10591 10589->10620 10593 7ff6dff76008 10590->10593 10594 7ff6dff75bf1 GetProcAddress 10590->10594 10592 7ff6dff72e70 10 API calls 10591->10592 10592->10620 10597 7ff6dff72e70 10 API calls 10593->10597 10595 7ff6dff75c0d GetProcAddress 10594->10595 10596 7ff6dff76050 10594->10596 10598 7ff6dff76038 10595->10598 10599 7ff6dff75c29 GetProcAddress 10595->10599 10600 7ff6dff72e70 10 API calls 10596->10600 10597->10620 10603 7ff6dff72e70 10 API calls 10598->10603 10601 7ff6dff75c45 GetProcAddress 10599->10601 10602 7ff6dff760b0 10599->10602 10600->10620 10604 7ff6dff76098 10601->10604 10605 7ff6dff75c61 GetProcAddress 10601->10605 10606 7ff6dff72e70 10 API calls 10602->10606 10603->10620 10607 7ff6dff72e70 10 API calls 10604->10607 10608 7ff6dff75c7d GetProcAddress 10605->10608 10609 7ff6dff76080 10605->10609 10606->10620 10607->10620 10610 7ff6dff76068 10608->10610 10611 7ff6dff75c99 GetProcAddress 10608->10611 10612 7ff6dff72e70 10 API calls 10609->10612 10615 7ff6dff72e70 10 API calls 10610->10615 10613 7ff6dff75cb5 
GetProcAddress 10611->10613 10614 7ff6dff760e0 10611->10614 10612->10620 10616 7ff6dff760c8 10613->10616 10617 7ff6dff75cd1 GetProcAddress 10613->10617 10618 7ff6dff72e70 10 API calls 10614->10618 10615->10620 10619 7ff6dff72e70 10 API calls 10616->10619 10617->10620 10621 7ff6dff760f8 10617->10621 10618->10620 10619->10620 10620->10425 10622 7ff6dff72e70 10 API calls 10621->10622 10622->10620 10624 7ff6dff74b08 10623->10624 10633 7ff6dff7489e 10623->10633 10624->10430 10624->10431 10625 7ff6dff74b80 10626 7ff6dff74901 strncmp 10626->10633 10627 7ff6dff74925 strcmp 10627->10633 10628 7ff6dff749b0 calloc calloc 10630 7ff6dff74b00 10628->10630 10637 7ff6dff749e5 10628->10637 10629 7ff6dff74950 strcmp 10629->10633 10632 7ff6dff747e0 4 API calls 10630->10632 10631 7ff6dff74978 strcmp 10631->10633 10632->10624 10633->10625 10633->10626 10633->10627 10633->10628 10633->10629 10633->10631 10666 7ff6dff74670 strlen strncmp 10633->10666 10635 7ff6dff746e0 mbstowcs 10635->10637 10636 7ff6dff74670 strlen strncmp 10636->10637 10637->10624 10637->10630 10637->10635 10637->10636 10639 7ff6dff74ca8 10638->10639 10640 7ff6dff74c44 10638->10640 10641 7ff6dff74730 11 API calls 10639->10641 10644 7ff6dff74c46 10640->10644 10645 7ff6dff74c70 10640->10645 10642 7ff6dff74cbe 10641->10642 10642->10443 10643 7ff6dff74c98 10643->10443 10644->10643 10668 7ff6dff74730 10644->10668 10645->10643 10647 7ff6dff74730 11 API calls 10645->10647 10649 7ff6dff74c8d 10647->10649 10649->10443 10651 7ff6dff74d6e 10650->10651 10673 7ff6dff747b0 10651->10673 10654 7ff6dff74e3d 10655 7ff6dff747b0 fputc 10656 7ff6dff74dff 10655->10656 10656->10654 10657 7ff6dff78ef0 10 API calls 10656->10657 10657->10656 10659 7ff6dff73bb3 10658->10659 10660 7ff6dff747ee 10658->10660 10659->9733 10659->10467 10661 7ff6dff74816 free 10660->10661 10662 7ff6dff74800 free 10660->10662 10663 7ff6dff74846 free 10661->10663 10664 7ff6dff74826 10661->10664 10662->10661 10662->10662 10663->10659 10665 7ff6dff74830 free 10664->10665 
10665->10663 10665->10665 10667 7ff6dff7469a 10666->10667 10667->10633 10669 7ff6dff78ef0 10 API calls 10668->10669 10670 7ff6dff7474a 10669->10670 10671 7ff6dff74795 10670->10671 10672 7ff6dff74769 free 10670->10672 10671->10443 10672->10671 10674 7ff6dff80070 fputc 10673->10674 10675 7ff6dff747d4 10674->10675 10675->10654 10675->10655 10677 7ff6dff76636 10676->10677 10678 7ff6dff766ac 10677->10678 10680 7ff6dff76676 10677->10680 10679 7ff6dff72d90 10 API calls 10678->10679 10682 7ff6dff76686 10679->10682 10681 7ff6dff72d90 10 API calls 10680->10681 10680->10682 10683 7ff6dff766a0 10681->10683 10682->10483 10683->10483 10684->9741 10685->9740 10689 7ff6dff7ffc0 fgetpos 10686->10689 10690 7ff6dff7ffb8 10689->10690 10690->9759 10692 7ff6dff7237b strcmp 10691->10692 10693 7ff6dff72367 10691->10693 10694 7ff6dff7238b 10692->10694 10695 7ff6dff72370 10692->10695 10693->9797 10694->9797 10695->10692 10695->10693 10699 7ff6dff7eeb0 setlocale 10696->10699 10700 7ff6dff7eeef setlocale 10699->10700 10701 7ff6dff7eedf _strdup 10699->10701 10702 7ff6dff7f18d wcstombs realloc wcstombs setlocale free 10700->10702 10703 7ff6dff7ef0e 10700->10703 10701->10700 10704 7ff6dff741f0 strcpy 10702->10704 10703->10702 10705 7ff6dff7ef1d mbstowcs 10703->10705 10704->9794 10706 7ff6dff7ee70 10705->10706 10707 7ff6dff7ef76 mbstowcs 10706->10707 10708 7ff6dff7efb6 10707->10708 10709 7ff6dff7f18a 10708->10709 10716 7ff6dff7efea 10708->10716 10709->10702 10710 7ff6dff7f09b wcstombs 10712 7ff6dff7f0bd 10710->10712 10713 7ff6dff7f0cb wcstombs 10710->10713 10711 7ff6dff7f100 wcstombs realloc wcstombs 10714 7ff6dff7f161 setlocale free 10711->10714 10712->10713 10713->10714 10715 7ff6dff7f0f6 10713->10715 10714->10704 10715->10714 10716->10710 10716->10711 10718 7ff6dff774fd GetProcAddress 10717->10718 10719 7ff6dff7784f 10717->10719 10720 7ff6dff77519 GetProcAddress 10718->10720 10721 7ff6dff77884 10718->10721 10722 7ff6dff72e70 10 API calls 10719->10722 10723 7ff6dff77535 GetProcAddress 
10720->10723 10724 7ff6dff7786f 10720->10724 10725 7ff6dff72e70 10 API calls 10721->10725 10809 7ff6dff77845 10722->10809 10726 7ff6dff77551 GetProcAddress 10723->10726 10727 7ff6dff778ae 10723->10727 10728 7ff6dff72e70 10 API calls 10724->10728 10725->10809 10729 7ff6dff7756d GetProcAddress 10726->10729 10730 7ff6dff77899 10726->10730 10731 7ff6dff72e70 10 API calls 10727->10731 10728->10809 10732 7ff6dff77589 GetProcAddress 10729->10732 10733 7ff6dff778f0 10729->10733 10734 7ff6dff72e70 10 API calls 10730->10734 10731->10809 10735 7ff6dff778d8 10732->10735 10736 7ff6dff775a5 GetProcAddress 10732->10736 10737 7ff6dff72e70 10 API calls 10733->10737 10734->10809 10738 7ff6dff72e70 10 API calls 10735->10738 10739 7ff6dff778c3 10736->10739 10740 7ff6dff775c1 GetProcAddress 10736->10740 10737->10809 10738->10809 10741 7ff6dff72e70 10 API calls 10739->10741 10742 7ff6dff775dd GetProcAddress 10740->10742 10743 7ff6dff77908 10740->10743 10741->10809 10744 7ff6dff77968 10742->10744 10745 7ff6dff775f9 GetProcAddress 10742->10745 10746 7ff6dff72e70 10 API calls 10743->10746 10747 7ff6dff72e70 10 API calls 10744->10747 10748 7ff6dff77615 GetProcAddress 10745->10748 10749 7ff6dff77950 10745->10749 10746->10809 10747->10809 10751 7ff6dff77938 10748->10751 10752 7ff6dff77631 GetProcAddress 10748->10752 10750 7ff6dff72e70 10 API calls 10749->10750 10750->10809 10753 7ff6dff72e70 10 API calls 10751->10753 10754 7ff6dff7764d GetProcAddress 10752->10754 10755 7ff6dff77920 10752->10755 10753->10809 10756 7ff6dff779c8 10754->10756 10757 7ff6dff77669 GetProcAddress 10754->10757 10758 7ff6dff72e70 10 API calls 10755->10758 10759 7ff6dff72e70 10 API calls 10756->10759 10760 7ff6dff77685 GetProcAddress 10757->10760 10761 7ff6dff779b0 10757->10761 10758->10809 10759->10809 10762 7ff6dff77998 10760->10762 10763 7ff6dff776a1 GetProcAddress 10760->10763 10764 7ff6dff72e70 10 API calls 10761->10764 10767 7ff6dff72e70 10 API calls 10762->10767 10765 7ff6dff776bd GetProcAddress 10763->10765 
10766 7ff6dff77980 10763->10766 10764->10809 10768 7ff6dff776d9 GetProcAddress 10765->10768 10769 7ff6dff779e0 10765->10769 10770 7ff6dff72e70 10 API calls 10766->10770 10767->10809 10771 7ff6dff779f8 10768->10771 10772 7ff6dff776f5 GetProcAddress 10768->10772 10773 7ff6dff72e70 10 API calls 10769->10773 10770->10809 10776 7ff6dff72e70 10 API calls 10771->10776 10774 7ff6dff77a28 10772->10774 10775 7ff6dff77711 GetProcAddress 10772->10775 10773->10809 10779 7ff6dff72e70 10 API calls 10774->10779 10777 7ff6dff7772d GetProcAddress 10775->10777 10778 7ff6dff77a10 10775->10778 10776->10809 10780 7ff6dff77749 GetProcAddress 10777->10780 10781 7ff6dff77a70 10777->10781 10782 7ff6dff72e70 10 API calls 10778->10782 10779->10809 10783 7ff6dff77a58 10780->10783 10784 7ff6dff77765 GetProcAddress 10780->10784 10785 7ff6dff72e70 10 API calls 10781->10785 10782->10809 10786 7ff6dff72e70 10 API calls 10783->10786 10787 7ff6dff77a40 10784->10787 10788 7ff6dff77781 GetProcAddress 10784->10788 10785->10809 10786->10809 10789 7ff6dff72e70 10 API calls 10787->10789 10790 7ff6dff7779d GetProcAddress 10788->10790 10791 7ff6dff77a88 10788->10791 10789->10809 10792 7ff6dff77ae8 10790->10792 10793 7ff6dff777b9 GetProcAddress 10790->10793 10794 7ff6dff72e70 10 API calls 10791->10794 10795 7ff6dff72e70 10 API calls 10792->10795 10796 7ff6dff777d5 GetProcAddress 10793->10796 10797 7ff6dff77ad0 10793->10797 10794->10809 10795->10809 10799 7ff6dff77ab8 10796->10799 10800 7ff6dff777f1 GetProcAddress 10796->10800 10798 7ff6dff72e70 10 API calls 10797->10798 10798->10809 10801 7ff6dff72e70 10 API calls 10799->10801 10802 7ff6dff7780d GetProcAddress 10800->10802 10803 7ff6dff77aa0 10800->10803 10801->10809 10804 7ff6dff77829 GetProcAddress 10802->10804 10805 7ff6dff77b00 10802->10805 10806 7ff6dff72e70 10 API calls 10803->10806 10808 7ff6dff77b18 10804->10808 10804->10809 10807 7ff6dff72e70 10 API calls 10805->10807 10806->10809 10807->10809 10810 7ff6dff72e70 10 API calls 10808->10810 10809->9812 
10810->10809 11496 7ff6dff7b000 11497 7ff6dff7b00e 11496->11497 11498 7ff6dff7b02c memcpy 11497->11498 11500 7ff6dff7a91a 11497->11500 11498->11500 11499 7ff6dff7a390 4 API calls 11499->11500 11500->11499 11501 7ff6dff7aab1 11500->11501

Control-flow Graph
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2100572714.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
• Associated: 00000000.00000002.2100557371.00007FF6DFF70000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2100593956.00007FF6DFF8A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2100611366.00007FF6DFF8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2100628838.00007FF6DFF95000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2100643740.00007FF6DFF99000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2100658058.00007FF6DFF9A000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2100672652.00007FF6DFF9D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff6dff70000_zapret.jbxd
Similarity
• API ID: free$CreateDirectoryEnvironment$ByteCharExpandMultiPathStringsTempVariableWide_getpid_wcsdup_wfullpath_wputenv_s_wtempnamwcschrwcslen
• String ID: LOADER: Failed to convert runtime-tmpdir to a wide string.$LOADER: Failed to expand environment variables in the runtime-tmpdir.$LOADER: Failed to obtain the absolute path of the runtime-tmpdir.$LOADER: Failed to set the TMP environment variable.$TMP$TMP$_MEI%d$_MEIPASS2
• API String ID: 2274789544-3119237222
• Opcode ID: 117cb1d8d2409357a02db56dd994dc834686c95f098a240ee8fe3759c3df1cf8
• Instruction ID: c271e22c152e286cb6793e196d0d99da6559543f42e01823f082908f65814ba2
• Opcode Fuzzy Hash: 117cb1d8d2409357a02db56dd994dc834686c95f098a240ee8fe3759c3df1cf8
• Instruction Fuzzy Hash: 7861AB52F1D64240FA64AB23A9112FE8391AF49BC4F948437EC3EC77C6EE2CE425C240

Control-flow Graph

APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2100572714.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
• Associated: 00000000.00000002.2100557371.00007FF6DFF70000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2100593956.00007FF6DFF8A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2100611366.00007FF6DFF8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2100628838.00007FF6DFF95000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2100643740.00007FF6DFF99000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2100658058.00007FF6DFF9A000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2100672652.00007FF6DFF9D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff6dff70000_zapret.jbxd
Similarity
• API ID: _initterm$_amsg_exit_cexitexit
• String ID: 0
• API String ID: 602970348-4108050209
• Opcode ID: 9905e89fe877ea847ce878e57ecea80b115fcac03c0dbd49d2c840cd9bbea999
• Instruction ID: 1096287b07b8139a3d7d187a53bc78fa1d6aa9ed2c783f792b60a51c742898dd
• Opcode Fuzzy Hash: 9905e89fe877ea847ce878e57ecea80b115fcac03c0dbd49d2c840cd9bbea999
• Instruction Fuzzy Hash: 3761B176E19B0699FB509FA6E88036C23A4BB48B84F404436DE6CD73A5DF7CE464C700

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2100572714.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2100557371.00007FF6DFF70000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2100593956.00007FF6DFF8A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2100611366.00007FF6DFF8B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2100628838.00007FF6DFF95000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2100643740.00007FF6DFF99000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2100658058.00007FF6DFF9A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2100672652.00007FF6DFF9D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6dff70000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: incorrect data check$invalid block type$invalid literal/length code$invalid stored block lengths$too many length or distance symbols
                                                                                                                                                                                                                              • API String ID: 0-817236767
                                                                                                                                                                                                                              • Opcode ID: 430c0e31359795c6af589a39dbb94035080cdf7c7e86497c090ee549743ec8ff
                                                                                                                                                                                                                              • Instruction ID: 9d9fd35e2c2b75d73786ae319bed5320037ee42f556f7161b1fcf893a99af45c
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 430c0e31359795c6af589a39dbb94035080cdf7c7e86497c090ee549743ec8ff
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4842D373E186928BE3608F25D48893EBBA5FB44784F124136DB6AC7794DF38E914DB00
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: invalid bit length repeat$invalid code -- missing end-of-block$invalid distances set$invalid literal/lengths set
                                                                                                                                                                                                                              • API String ID: 0-1153561608
                                                                                                                                                                                                                              • Opcode ID: a3d972cd1c7d583099c7879db60d45b8728866e57429499bfca41c4872f57655
                                                                                                                                                                                                                              • Instruction ID: a79ebceec3bec8b80e9e8084df4f33e6846ad356d82f893f3b1c2b60bf26562a
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a3d972cd1c7d583099c7879db60d45b8728866e57429499bfca41c4872f57655
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D6F1D173E186928BD7508F24D488A2EB7E5FB44784F42413ADB6E87794DF38E964CB00
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2295610775-0
                                                                                                                                                                                                                              • Opcode ID: eb7c6a06989ddef4747f29b0012c5ad72be63177b8c3b5e749435939b28fbb88
                                                                                                                                                                                                                              • Instruction ID: 817d1abeeec61d806c726f68d4419839b79ab8c19db1ec34bcc5740c3048348f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: eb7c6a06989ddef4747f29b0012c5ad72be63177b8c3b5e749435939b28fbb88
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E4F03929A2D68182F7B0AB60E4083AE6790A784778F804735DA7982AD4CFBCC159CB00

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: fclose$_wfopenfreadfreemalloc
                                                                                                                                                                                                                              • String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc$pyi_arch_extract2fs was called before temporary directory was C7Dlwp4kd!
                                                                                                                                                                                                                              • API String ID: 414440483-498630463
                                                                                                                                                                                                                              • Opcode ID: b6782f39934aa82cc09c84a776b5880bbadf23083a6aeb53fc693f201ec675a6
                                                                                                                                                                                                                              • Instruction ID: 05246da2006250e099fa28456880935e3c98904ff6c2c717346b15934599d74d
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b6782f39934aa82cc09c84a776b5880bbadf23083a6aeb53fc693f201ec675a6
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AB518F61F0D54361FA259726A8506FE9341AF05BD8F980137DE3D8B3D6EE2CF9698380

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
Memory Dump Source
• Source File: 00000000.00000002.2100572714.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
• Associated: 00000000.00000002.2100557371.00007FF6DFF70000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2100593956.00007FF6DFF8A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2100611366.00007FF6DFF8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2100628838.00007FF6DFF95000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2100643740.00007FF6DFF99000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2100658058.00007FF6DFF9A000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2100672652.00007FF6DFF9D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff6dff70000_zapret.jbxd
Similarity
• API ID: wcstombs$setlocale$free$mbstowcsrealloc$_strdup
• String ID: _MEIPASS2
• API String ID: 918573998-3944641314
• Opcode ID: 41934e68198dc64b29bdac14bfe1299ce3e94d695daf7b770437fea874cab5dc
• Instruction ID: b0bb3eca46c73ec4c6d61e9800e3e5428c6877fb6b3873fdff2a6a2fd9eaa479
• Opcode Fuzzy Hash: 41934e68198dc64b29bdac14bfe1299ce3e94d695daf7b770437fea874cab5dc
• Instruction Fuzzy Hash: 7DF13E66F04B5688EB508FAAC8412BD77B1FB48B98F804436DE5DA7798DF38D461C390

Memory Dump Source
• Source File: 00000000.00000002.2100572714.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
• Associated: 00000000.00000002.2100557371.00007FF6DFF70000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2100593956.00007FF6DFF8A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2100611366.00007FF6DFF8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2100628838.00007FF6DFF95000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2100643740.00007FF6DFF99000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2100658058.00007FF6DFF9A000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2100672652.00007FF6DFF9D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff6dff70000_zapret.jbxd
Similarity
• API ID: Token$ConvertDescriptorInformationProcessSecurityString$CloseCreateCurrentDirectoryErrorFreeHandleLastLocalOpen_snwprintfcallocfree
• String ID: D:(A;;FA;;;%s)$S-1-3-4
• API String ID: 1339360106-2855260032
• Opcode ID: b8eb4d04586bf25c80075f4567351d1e3d5eb130d62a4fb9c3eb98d3ad1adc22
• Instruction ID: 48a51b509f4d847f11b596faf44128210a837b704dd3b94994606d07f91fbb39
• Opcode Fuzzy Hash: b8eb4d04586bf25c80075f4567351d1e3d5eb130d62a4fb9c3eb98d3ad1adc22
• Instruction Fuzzy Hash: DE315021A08A4242E7209F62B8047AE6361FB85BA8F544236EE7D87BD4DF7DE419C700

Memory Dump Source
• Source File: 00000000.00000002.2100572714.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
• Associated: 00000000.00000002.2100557371.00007FF6DFF70000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2100593956.00007FF6DFF8A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2100611366.00007FF6DFF8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2100628838.00007FF6DFF95000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2100643740.00007FF6DFF99000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2100658058.00007FF6DFF9A000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2100672652.00007FF6DFF9D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff6dff70000_zapret.jbxd
Similarity
• API ID: malloc$ferrorfree$freadfwrite
• String ID: 1.2.13$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
• API String ID: 1635854594-1655038675
• Opcode ID: 33d0d6e286a1a718a14d17b4aa2d4f26cd3c2b2ee0e01d4c7f97d097f8584ac6
• Instruction ID: c0a2989b2f348435a473791c0552fceb6c917691929fc3a3497eed9a5517a961
• Opcode Fuzzy Hash: 33d0d6e286a1a718a14d17b4aa2d4f26cd3c2b2ee0e01d4c7f97d097f8584ac6
• Instruction Fuzzy Hash: D581A572E0C68291E7608B26E8403BEA3A0FB44BA8F544132DEAD877D5DF7CD559C740

Memory Dump Source
• Source File: 00000000.00000002.2100572714.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
• Associated: 00000000.00000002.2100557371.00007FF6DFF70000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2100593956.00007FF6DFF8A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2100611366.00007FF6DFF8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2100628838.00007FF6DFF95000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2100643740.00007FF6DFF99000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2100658058.00007FF6DFF9A000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2100672652.00007FF6DFF9D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff6dff70000_zapret.jbxd
Similarity
• API ID: _get_osfhandle$Process_fileno$ByteCharCodeCommandConsoleCreateCtrlExitHandlerInfoLineMultiObjectSingleStartupWaitWide
• String ID: CreateProcessW$Error creating child process!
• API String ID: 2399235724-3524285272
• Opcode ID: 3b0030d9226d0a67f6fd8a2a69a505053b30f609f3f5ca2460bb49168f4bcb83
• Instruction ID: 7497dc90e2b607b2816a67bf43f3d738e048929d37efd09c1e4e18974d51fb92
• Opcode Fuzzy Hash: 3b0030d9226d0a67f6fd8a2a69a505053b30f609f3f5ca2460bb49168f4bcb83
• Instruction Fuzzy Hash: A8415E32A08B8245EB209B65F8147AEB360EB857A4F404736EABD877D4DF7CD094CB40

Memory Dump Source
• Source File: 00000000.00000002.2100572714.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
• Associated: 00000000.00000002.2100557371.00007FF6DFF70000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2100593956.00007FF6DFF8A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2100611366.00007FF6DFF8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2100628838.00007FF6DFF95000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2100643740.00007FF6DFF99000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2100658058.00007FF6DFF9A000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2100672652.00007FF6DFF9D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff6dff70000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: freadmalloc$_wfopenfclosefree
                                                                                                                                                                                                                              • String ID: Could not allocate buffer for TOC!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$fread$fseek$malloc
                                                                                                                                                                                                                              • API String ID: 2617120823-2084260460
                                                                                                                                                                                                                              • Opcode ID: 221ca51adac32cd6e4dbaad49c459d1e072569c441f1db1919a3c8223de0b9bf
                                                                                                                                                                                                                              • Instruction ID: 043cdda40fdb1ef1b9a809d076d468cc2834f1fe66f82b4f194839115f8b96cc
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 221ca51adac32cd6e4dbaad49c459d1e072569c441f1db1919a3c8223de0b9bf
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0651ACA1F0964282EB148B25D4402BCA7A1EF88B98F648137DE2D877D9DF3CE525C744

                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: free$EnvironmentVariablestrcpy$DirectoryFileModuleNamecallocstrcmp
                                                                                                                                                                                                                              • String ID: Cannot side-load external archive %s (code %d)!$Error opening archive IrNk6XIbAZ from executable (%s) or external archive (%s)$Failed to convert DLL search path!$_MEIPASS2$_PYI_ONEDIR_MODE
                                                                                                                                                                                                                              • API String ID: 2787634916-3664968274
                                                                                                                                                                                                                              • Opcode ID: d114abf2a6c0286cb0fce2ebc2cb0a65d087e8d562d0e5fb766c471fbb74f5e1
                                                                                                                                                                                                                              • Instruction ID: 83aba9533eaca010ce55228cc880f2d050f975e536582eeb88061daeff42b67a
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d114abf2a6c0286cb0fce2ebc2cb0a65d087e8d562d0e5fb766c471fbb74f5e1
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F6C19D21E1C64390FA54AF22A8112BED790AF44BC0F544533EE6EC77E6EE3CF5658641

                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: wcscat$ByteCharMultiWide_wrmdirwcslen
                                                                                                                                                                                                                              • String ID: _MEIPASS2
                                                                                                                                                                                                                              • API String ID: 3789554339-3944641314
                                                                                                                                                                                                                              • Opcode ID: b80c098a62a51ddb5917d45d678bd9e6a4253acbeb3c395510a388e241dafa2d
                                                                                                                                                                                                                              • Instruction ID: 3a79807f60ce151809273daf3a539580d4314bc22d292cbdff9c23e7b4075070
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b80c098a62a51ddb5917d45d678bd9e6a4253acbeb3c395510a388e241dafa2d
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8D21DD51F0854244EA60AA13AC056BE9751BB85FE5FD88933EE2E877C6DE7CE461C304

                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: strlen$_wfopenstrcpystrtok
                                                                                                                                                                                                                              • String ID: %s%c%s$ERROR: file already exists but should not: %s$PYINSTALLER_STRICT_UNPACK_MODE$WARNING: file already exists but should not: %s$\
                                                                                                                                                                                                                              • API String ID: 1482442392-3501660386
                                                                                                                                                                                                                              • Opcode ID: 99c8d790e39b5d19d5d809cd0c3d35328fcb743185708074d8d197c13bb0777c
                                                                                                                                                                                                                              • Instruction ID: 66986095362532970fccddaa31adabbbff24812e6ffd96b8422ebce680953f0d
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 99c8d790e39b5d19d5d809cd0c3d35328fcb743185708074d8d197c13bb0777c
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CE219461E0C60354F6209F23A9402BEA7919F447D5F648933ED3EC72D5EE6CE535C250

                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: wcscatwcscmp
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3846154227-0

Memory Dump Source
• Source File: 00000000.00000002.2100572714.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
• Associated: 00000000.00000002.2100557371.00007FF6DFF70000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2100593956.00007FF6DFF8A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2100611366.00007FF6DFF8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2100628838.00007FF6DFF95000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2100643740.00007FF6DFF99000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2100658058.00007FF6DFF9A000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2100672652.00007FF6DFF9D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6dff70000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: strlen$strcpystrtok
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3698421117-0

                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: mallocmemcpy
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 4276657696-0
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: freemalloc
                                                                                                                                                                                                                              • String ID: _MEIPASS2
                                                                                                                                                                                                                              • API String ID: 3061335427-3944641314
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: strcpy
                                                                                                                                                                                                                              • String ID: pyi-contents-directory$pyi-contents-directory option not found in onedir bundle archive!
                                                                                                                                                                                                                              • API String ID: 3177657795-1958350669
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: calloc
                                                                                                                                                                                                                              • String ID: Cannot allocate memory for SPLASH_STATUS.$calloc
                                                                                                                                                                                                                              • API String ID: 2635317215-799113134
                                                                                                                                                                                                                              • Opcode ID: 942f8fe5890305979e7b23bd6c61b12b378b7291ddffaf8757f4366481b4c106
                                                                                                                                                                                                                              • Instruction ID: 167647614fc9035ebad04c5e0a32e68d695ae085befdb3ef582847a3ffa897c2
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 942f8fe5890305979e7b23bd6c61b12b378b7291ddffaf8757f4366481b4c106
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A7E0ECA1F08A0780EA245711E4511AE5761DB84344F940437DA6D877A5EE2CE5318754
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
• Source File: 00000000.00000002.2100572714.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
• Associated: 00000000.00000002.2100557371.00007FF6DFF70000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2100593956.00007FF6DFF8A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2100611366.00007FF6DFF8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2100628838.00007FF6DFF95000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2100643740.00007FF6DFF99000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2100658058.00007FF6DFF9A000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2100672652.00007FF6DFF9D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6dff70000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: fsetpos
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 850078086-0
                                                                                                                                                                                                                              • Opcode ID: 494cfbfd0869b4bd86ec742704f25e9796c654e056705adcf2f762cf5b6a1ee1
                                                                                                                                                                                                                              • Instruction ID: ba8272c1e2f4161f1bfb219e5db670d3cf4165b3be4ac2ab6d83ee38dc78ba83
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 494cfbfd0869b4bd86ec742704f25e9796c654e056705adcf2f762cf5b6a1ee1
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 32115CB2E05B829AEB209F7584411EC67A1EB0979CF504A36EA7D877D9DF38D070C280
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: freememsetwcslen
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2332356550-0
                                                                                                                                                                                                                              • Opcode ID: 9254918a96c0558d798f128c280d19f15fb0fbea07505cc5abc60daef984cd3a
                                                                                                                                                                                                                              • Instruction ID: e4d162cb836cd76cdf3d0085fbfe1ff703bbc7296ca6173950c48b4b4476b6f8
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9254918a96c0558d798f128c280d19f15fb0fbea07505cc5abc60daef984cd3a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8331C866F04B1489EB10CF7AD48109C3BB1FB58BA8B108526EE5C57B68EF34C5A1C790
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: memcpymemset
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1297977491-0
                                                                                                                                                                                                                              • Opcode ID: 0971891e58b24c16fc6abcad1ae3b9205ef6e35853942e98c1a0541e49a3549f
                                                                                                                                                                                                                              • Instruction ID: 8748bb9cae115a2ae64bbe913ef693d207692c8a21b3d3887e8acd05c147bbda
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0971891e58b24c16fc6abcad1ae3b9205ef6e35853942e98c1a0541e49a3549f
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FE21E576B44B8688DB70CF6AD8843ED27A1F748BACF514226CE3C5BB98DE34C2518340
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: memcpymemset
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1297977491-0
                                                                                                                                                                                                                              • Opcode ID: 96b3a7c0620df57f1d0fdad8c4352fe79f9300c682b0a9666d0fc7615ee7acae
                                                                                                                                                                                                                              • Instruction ID: a2264e5bffa85e710355bf57dd81141e9b01d1dd480cd37bc4726ce170502624
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 96b3a7c0620df57f1d0fdad8c4352fe79f9300c682b0a9666d0fc7615ee7acae
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D021E576B44B8689DB30CF6AD8843ED37A1F749BACF518126CE2C5BB98DE34C6518740
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                • Part of subcall function 00007FF6DFF78EF0: MultiByteToWideChar.KERNEL32(?,?,WideCharToMultiByte,?,Failed to get UTF-8 buffer size.,?,00007FF6DFF72F00), ref: 00007FF6DFF78F26
                                                                                                                                                                                                                              • _wfopen.MSVCRT ref: 00007FF6DFF74515
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ByteCharMultiWide_wfopen
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 372205238-0
                                                                                                                                                                                                                              • Opcode ID: 460021445462d38f751c38bff17167d13b53ccdfd410499e5b587a202733885b
                                                                                                                                                                                                                              • Instruction ID: 9d83d13d86bbd2136fd3f6e93965e452c138be5e61d9ed3a67b67243d88186e1
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 460021445462d38f751c38bff17167d13b53ccdfd410499e5b587a202733885b
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 51E09A91B0825001FA246216AA047EE8312AF4AFC4E408032EE1C9BB8ACE2CD2638708
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2100572714.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2100557371.00007FF6DFF70000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2100593956.00007FF6DFF8A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2100611366.00007FF6DFF8B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2100628838.00007FF6DFF95000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2100643740.00007FF6DFF99000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2100658058.00007FF6DFF9A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2100672652.00007FF6DFF9D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6dff70000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: memcpy
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3510742995-0
                                                                                                                                                                                                                              • Opcode ID: cd203ca4d0c538de12a393ad53275e35b5330f7b63c24e692d8044f3bafcd684
                                                                                                                                                                                                                              • Instruction ID: c4c7ceb4252f7a611cdb0587370cbbca4b79d6cbde95263094745c9ebd1e5730
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cd203ca4d0c538de12a393ad53275e35b5330f7b63c24e692d8044f3bafcd684
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CD51C737E192428BE7618E29E08892FB7E5FB44794F168036DF6687A94DF3CD850CB00
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2100572714.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6dff70000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: memset
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2221118986-0
                                                                                                                                                                                                                              • Opcode ID: 4a3cd53f5ab6c9f56d3a5cf8db0897558940d4d2ad38b878033855946d3f594a
                                                                                                                                                                                                                              • Instruction ID: 56a6df174f2534fca10e9255a24ee1bc4e19a63f972ccb56a52b0519f40624f3
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4a3cd53f5ab6c9f56d3a5cf8db0897558940d4d2ad38b878033855946d3f594a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 65311726F0471599FB108BA6D4403BC77B0A704B88F94407ADEAC97B98DF3CD6A9C714
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2100572714.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6dff70000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: malloc
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2803490479-0
                                                                                                                                                                                                                              • Opcode ID: 9987054de5803aed25a161aa3056a03c8c9cc54020f4b5dfe5d10db294219541
                                                                                                                                                                                                                              • Instruction ID: de8926d9168b498c74f959f3d84e44df250679ca5e4a50a590881565ab16663f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9987054de5803aed25a161aa3056a03c8c9cc54020f4b5dfe5d10db294219541
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 87217427E09B0282FB654F19A44073D67A5AB85B94F2A5136C92D8F3E0EF39D8938300
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2100572714.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6dff70000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: AddressProc
                                                                                                                                                                                                                              • String ID: Failed to get address for PyConfig_Clear$Failed to get address for PyConfig_InitIsolatedConfig$Failed to get address for PyConfig_Read$Failed to get address for PyConfig_SetBytesString$Failed to get address for PyConfig_SetString$Failed to get address for PyConfig_SetWideStringList$Failed to get address for PyErr_Clear$Failed to get address for PyErr_Fetch$Failed to get address for PyErr_NormalizeException$Failed to get address for PyErr_Occurred$Failed to get address for PyErr_Print$Failed to get address for PyErr_Restore$Failed to get address for PyEval_EvalCode$Failed to get address for PyImport_AddModule$Failed to get address for PyImport_ExecCodeModule$Failed to get address for PyImport_ImportModule$Failed to get address for PyList_Append$Failed to get address for PyMarshal_ReadObjectFromString$Failed to get address for PyMem_RawFree$Failed to get address for PyModule_GetDict$Failed to get address for PyObject_CallFunction$Failed to get address for PyObject_CallFunctionObjArgs$Failed to get address for PyObject_GetAttrString$Failed to get address for PyObject_SetAttrString$Failed to get address for PyObject_Str$Failed to get address for PyPreConfig_InitIsolatedConfig$Failed to get address for PyRun_SimpleStringFlags$Failed to get address for PyStatus_Exception$Failed to get address for PySys_GetObject$Failed to get address for PySys_SetObject$Failed to get address for PyUnicode_AsUTF8$Failed to get address for PyUnicode_Decode$Failed to get address for PyUnicode_DecodeFSDefault$Failed to get address for PyUnicode_FromFormat$Failed to get address for PyUnicode_FromString$Failed to get address for PyUnicode_Join$Failed to get address for PyUnicode_Replace$Failed to get address for Py_DecRef$Failed to get address for Py_DecodeLocale$Failed to get address for Py_ExitStatusException$Failed to get address for Py_Finalize$Failed to get address for Py_InitializeFromConfig$Failed to get address for Py_IsInitialized$Failed to get address for Py_PreInitialize$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyList_Append$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
                                                                                                                                                                                                                              • API String ID: 190572456-4266016200
                                                                                                                                                                                                                              • Opcode ID: af163ddc85bf2b883ecff41c15d72a41c989fd972fde24fa4a0f8e3ace152156
                                                                                                                                                                                                                              • Instruction ID: 305803e4dfb3c5e1c7bec2880f0f9c039351baa635088c4661c820f3203d7628
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: af163ddc85bf2b883ecff41c15d72a41c989fd972fde24fa4a0f8e3ace152156
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: EE3290A0E6DB0B90EE15DB16F8500BCA396AF45380F985437C92EC72B5EE6CF5368354
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2100572714.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6dff70000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: MessageSend$Create$Window$BaseClientDialogFontIconIndirectInfoLoadMetricParametersRectSystemUnits
                                                                                                                                                                                                                              • String ID: $BUTTON$Close$EDIT$Failed to gA7WkD6n script '%ls' due to unhandled exception: %ls$STATIC
                                                                                                                                                                                                                              • API String ID: 3223904152-4231048771
                                                                                                                                                                                                                              • Opcode ID: 9bcbd0ae487ad773c65203090edb47d8bd9997bfcb6fad77826f5d4dd51fc8b3
                                                                                                                                                                                                                              • Instruction ID: 8e7fd147aa934e340fdcd12f58400c19a9af17fdac0fa8d24d1412b84572e900
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9bcbd0ae487ad773c65203090edb47d8bd9997bfcb6fad77826f5d4dd51fc8b3
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2E91AB76218B9082E7608F61E45479E7760F788B98F24413AEE8C4BB99CF7EC085CB50
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2100572714.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2100557371.00007FF6DFF70000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2100593956.00007FF6DFF8A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2100611366.00007FF6DFF8B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2100628838.00007FF6DFF95000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2100643740.00007FF6DFF99000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2100658058.00007FF6DFF9A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2100672652.00007FF6DFF9D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6dff70000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ByteCharErrorFormatLastMessageMultiWide
                                                                                                                                                                                                                              • String ID: Failed to encode wchar_t as UTF-8.$FormatMessageW$No error messages generated.$PyInstaller: FormatMessageW failed.$PyInstaller: pyi_win32_utils_to_utf8 failed.$WideCharToMultiByte
                                                                                                                                                                                                                              • API String ID: 1653872744-2573406579
                                                                                                                                                                                                                              • Opcode ID: a444a6fb349bc4707b2cf69bc53a33dba0618e531a6d6d2ca6af9caf27ae63ed
                                                                                                                                                                                                                              • Instruction ID: ce4d7e3390e0c1b346711bc6b0ea684389290f9c303fafd0d7a854543b9cda1d
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a444a6fb349bc4707b2cf69bc53a33dba0618e531a6d6d2ca6af9caf27ae63ed
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3121AFB1E0CB0391F7209B15F8547AE6361AF88388F548636E96D836A4DF3CE569C700
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2100572714.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6dff70000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: AddressProc$HandleLibraryLoadModule
                                                                                                                                                                                                                              • String ID: __deregister_frame_info$__register_frame_info$libgcc_s_dw2-1.dll
                                                                                                                                                                                                                              • API String ID: 384173800-1835852900
                                                                                                                                                                                                                              • Opcode ID: c987cd605a046c4775a246cf352f7a0ef9f3b92eb4b15ad4de75813f5d1440e3
                                                                                                                                                                                                                              • Instruction ID: 2d8f1762d55a027ed8050eb516fbbc40f0398d7230d6ea834721bfb353afd410
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c987cd605a046c4775a246cf352f7a0ef9f3b92eb4b15ad4de75813f5d1440e3
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1301DB65E09A1BA1EA159F06BC5027D6364BF48B84F494133C96DC7364EF2CE53AC340
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2100572714.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6dff70000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: Infinity$NaN
                                                                                                                                                                                                                              • API String ID: 0-4285296124
                                                                                                                                                                                                                              • Opcode ID: 7102700f6633cce392ca3b63142a687cafa288b5311c7985e3842b8209ed0999
                                                                                                                                                                                                                              • Instruction ID: 123f4c314724595e66a7bb50f3c3858b3c5a1557c55f3f0a580df3b18974fb17
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7102700f6633cce392ca3b63142a687cafa288b5311c7985e3842b8209ed0999
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0EE2F6B2A04B858EE751CF7AC4443AD37A5FB4578CF108226EA1D97B59DF38E891CB40
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2100572714.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6dff70000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: incorrect header check$invalid window size$unknown compression method
                                                                                                                                                                                                                              • API String ID: 0-1186847913
                                                                                                                                                                                                                              • Opcode ID: 0bcc04c6aca6022001e292fdf715f741d258b71047340956eb0883c8bfcf3deb
                                                                                                                                                                                                                              • Instruction ID: d33a7e3982c93ec93d38a8daa3523c259c2d09650fbc4f93bcd8f42ff1651d17
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0bcc04c6aca6022001e292fdf715f741d258b71047340956eb0883c8bfcf3deb
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8751DF72E186524BEB688E25948C93E77A6EB44344F01813ADB2EC7384EF3CE924D744
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2100572714.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6dff70000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: memcpy
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3510742995-0
                                                                                                                                                                                                                              • Opcode ID: d4a3ac781d2dd7079804b81e356a46ba17f177a5c4faaab444abfe3051605557
                                                                                                                                                                                                                              • Instruction ID: 532bdea637d20c8541bbfaa2f887a74bf4426358b5a0c8bccc50c11ba5b3d647
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d4a3ac781d2dd7079804b81e356a46ba17f177a5c4faaab444abfe3051605557
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A0B19072E082528BE7658E14D04CB3EBBA5FB46784F15813ADB5D87B88DF39E850CB44
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2100572714.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2100572714.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: AddressProc
• String ID: Failed to get address for Tcl_Alloc$Failed to get address for Tcl_ConditionFinalize$Failed to get address for Tcl_ConditionNotify$Failed to get address for Tcl_ConditionWait$Failed to get address for Tcl_CreateInterp$Failed to get address for Tcl_CreateObjCommand$Failed to get address for Tcl_CreateThread$Failed to get address for Tcl_DeleteInterp$Failed to get address for Tcl_DoOneEvent$Failed to get address for Tcl_EvalEx$Failed to get address for Tcl_EvalFile$Failed to get address for Tcl_EvalObjv$Failed to get address for Tcl_Finalize$Failed to get address for Tcl_FinalizeThread$Failed to get address for Tcl_FindExecutable$Failed to get address for Tcl_Free$Failed to get address for Tcl_GetCurrentThread$Failed to get address for Tcl_GetObjResult$Failed to get address for Tcl_GetString$Failed to get address for Tcl_GetVar2$Failed to get address for Tcl_Init$Failed to get address for Tcl_MutexLock$Failed to get address for Tcl_MutexUnlock$Failed to get address for Tcl_NewByteArrayObj$Failed to get address for Tcl_NewStringObj$Failed to get address for Tcl_SetVar2$Failed to get address for Tcl_SetVar2Ex$Failed to get address for Tcl_ThreadAlert$Failed to get address for Tcl_ThreadQueueEvent$Failed to get address for Tk_GetNumMainWindows$Failed to get address for Tk_Init$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                                                                                                                                                              • API String ID: 190572456-2208601799
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2100572714.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: free
                                                                                                                                                                                                                              • String ID: %s%c%s.py$Absolute path to script exceeds PATH_MAX$Could not get __main__ module's dict.$Could not get __main__ module.$Failed to unmarshal code object for %s$Traceback is disabled via bootloader option.$\$__file__$__main__$_pyi_main_co$format_exception$pyi-disable-windowed-traceback$traceback
                                                                                                                                                                                                                              • API String ID: 1294909896-4198433784
                                                                                                                                                                                                                              • Opcode ID: 7b76e79bf71ce97a3d82fffa890a01aadf1e29b1b2c140642746c48a92a1b34a
                                                                                                                                                                                                                              • Instruction ID: 40d83b3896e1af90d2fc4c4e46fdb7afbf0c56c54527407c37180c612f6db515
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7b76e79bf71ce97a3d82fffa890a01aadf1e29b1b2c140642746c48a92a1b34a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A1B12866A09A4AA5EA00AF16E85417D63A0FF89FC4F544433DE2E837B1EF3CE465D300
Memory Dump Source
• Source File: 00000000.00000002.2100572714.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
• Associated: 00000000.00000002.2100557371.00007FF6DFF70000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2100593956.00007FF6DFF8A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2100611366.00007FF6DFF8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2100628838.00007FF6DFF95000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2100643740.00007FF6DFF99000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2100658058.00007FF6DFF9A000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2100672652.00007FF6DFF9D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff6dff70000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: wcstombs$setlocale$freembstowcsrealloc$_strdup
                                                                                                                                                                                                                              • String ID: _MEIPASS2
                                                                                                                                                                                                                              • API String ID: 1093732947-3944641314
                                                                                                                                                                                                                              • Opcode ID: 287966860c2ac8b6444271d038978cadc57c822ad10f62d983c926d9487c4d46
                                                                                                                                                                                                                              • Instruction ID: 78298ad18791df875224fbdfa184275dc51ee32a66e523a363780aab3cab1705
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 287966860c2ac8b6444271d038978cadc57c822ad10f62d983c926d9487c4d46
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 58A14966F08B6688EB509BA6D8442FD27B0FB08B98F404536DE6C97B99DF3DD421C350
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: strcmpstrcpystrlen
                                                                                                                                                                                                                              • String ID: %s%c%s$%s%c%s%c%s%c%s$%s%c%s%c%s.pkg$%s%c%s.exe$Archive not found: %s$Archive path exceeds PATH_MAX$Failed to copy %s$Failed to extract %s$Failed to open archive %s!$\$\$_MEIPASS2$pyi-contents-directory$pyi-contents-directory option not found in onedir bundle archive!
                                                                                                                                                                                                                              • API String ID: 895318938-736835633
                                                                                                                                                                                                                              • Opcode ID: 7188ce8ba599c65f30d2b2548273d83509032fe689fbd89c554c56a7400f603c
                                                                                                                                                                                                                              • Instruction ID: 69450164bd7b0be1878251386ee4e2e1f836275fae7cd77695b9bee0338588af
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7188ce8ba599c65f30d2b2548273d83509032fe689fbd89c554c56a7400f603c
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 97915C61E08A82A1FA209B22E8406BEA750FF44B84F944533EE6DD7796DF3CE565C740
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: callocstrcmpstrncmp
                                                                                                                                                                                                                              • String ID: _MEIPASS2$dev$hash_seed$optimize$pyi-$unbuffered$utf8$verbose
                                                                                                                                                                                                                              • API String ID: 3864021093-2470803696
                                                                                                                                                                                                                              • Opcode ID: 1ebc1015cd89388c44d796f0e6af0bbaf2b2aa1507eb9976b7d4d29af4bb5d45
                                                                                                                                                                                                                              • Instruction ID: d99546f7bad84ca07176bd2b7acb97aea0931cbe8399712e4d2665b26defed9f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1ebc1015cd89388c44d796f0e6af0bbaf2b2aa1507eb9976b7d4d29af4bb5d45
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1181C262E0C653C6FB759F22A40437EEBA1AF45B98F048077CA6D87695DE3CE660C314
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _wfopenfclosefreadfreemalloc
                                                                                                                                                                                                                              • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$_MEIPASS2$fread$fseek$malloc
                                                                                                                                                                                                                              • API String ID: 3354994319-975985129
                                                                                                                                                                                                                              • Opcode ID: b6c15d7af01ca10ef3634044a49f60cc2ac562fbc6848c346da0bc4537f0ce61
                                                                                                                                                                                                                              • Instruction ID: b53e8c7804d4d6c24d3277b7c5c428d67e8ed54d4f7925f615f43ad1af85cf2b
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b6c15d7af01ca10ef3634044a49f60cc2ac562fbc6848c346da0bc4537f0ce61
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C031E191F09557A0FE149B169814BFE9750AF00BD8F946033DD2D8B7A6FE2CE42AC380
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _wcsdupfree$DeleteDestroyDialogHandleIconIndirectModuleObjectParammemset
                                                                                                                                                                                                                              • String ID: Unhandled exception in script
                                                                                                                                                                                                                              • API String ID: 3963799495-2699770090
                                                                                                                                                                                                                              • Opcode ID: 43471661e5077f8d2a8b4a148338f8b99de2e514ac72301b00bb8278eb0036d4
                                                                                                                                                                                                                              • Instruction ID: 62d9a89a007efd88d56bebd8bfefc60b244f0990eda904e135b20b255dddf3d2
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 43471661e5077f8d2a8b4a148338f8b99de2e514ac72301b00bb8278eb0036d4
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 61215172A0DA8281EA219F62F8556FE6760FB85B84F440137EE5E87B55DF3CD025CB40
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2100572714.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2100557371.00007FF6DFF70000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2100593956.00007FF6DFF8A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2100611366.00007FF6DFF8B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2100628838.00007FF6DFF95000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2100643740.00007FF6DFF99000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2100658058.00007FF6DFF9A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2100672652.00007FF6DFF9D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6dff70000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: callocfflush$strcmpstrncmp
                                                                                                                                                                                                                              • String ID: Failed to allocate PyConfig structure! Unsupported python version?$Failed to parse run-time options!$Failed to pre-initialize embedded python interpreter!$Failed to set module search paths!$Failed to set program name!$Failed to set python home path!$Failed to set run-time options!$Failed to set sys.argv!$Failed to start embedded python interpreter!
                                                                                                                                                                                                                              • API String ID: 2710203250-2440087815
                                                                                                                                                                                                                              • Opcode ID: 4f236a89a7cd51b2b3fca8f5acd636a7ada8452e1d5d72af4d0157a058538f47
                                                                                                                                                                                                                              • Instruction ID: 4a18029d0a3b4edc6e080692d3548aa969e7a30d8f3fd75af06c40f0977b054f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4f236a89a7cd51b2b3fca8f5acd636a7ada8452e1d5d72af4d0157a058538f47
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 64512B11E0C65391FA15AB2AA8511BDD364AF80BD4F440033EE7EC77E2EE2DE5268750
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2100572714.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6dff70000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: strlenstrncpy$callocfreememcpy
                                                                                                                                                                                                                              • String ID: SPLASH: Cannot extract requirement %s.$SPLASH: Cannot find requirement %s in archive.$_MEIPASS2
                                                                                                                                                                                                                              • API String ID: 4189425833-927121926
                                                                                                                                                                                                                              • Opcode ID: 2ecc1dc425c6d9c378c3586f5a4b7250b878fc84675a255019ea90320cbe997f
                                                                                                                                                                                                                              • Instruction ID: 1ade13fce3f264ad864ed2fc2948badbf84ee6a50d2d58c2a3da47ddf2bdf5ae
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2ecc1dc425c6d9c378c3586f5a4b7250b878fc84675a255019ea90320cbe997f
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F641C551F0C64295EA24EA23A8146FEA755FF44FC8F444132EE2DC7786DE2CE265C300
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2100572714.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6dff70000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: memcpystrncpy$malloc$callocfree
                                                                                                                                                                                                                              • String ID: Cannot allocate memory for necessary files.$_MEIPASS2
                                                                                                                                                                                                                              • API String ID: 1819673767-1389504347
                                                                                                                                                                                                                              • Opcode ID: 667f4ada2585d8c75f7d08fbbfbf278b8df85313fa7ef40f25480eeebb1e5e38
                                                                                                                                                                                                                              • Instruction ID: 5b382e8a35e4ef0be4d43a2509c60334f842d77a650e38e39b54c8b68744ae19
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 667f4ada2585d8c75f7d08fbbfbf278b8df85313fa7ef40f25480eeebb1e5e38
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B14108A2F0964157EA28EB22A5441EDA761FB45B84F444432DF2D87781DF7CF1718304
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2100572714.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6dff70000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                                                                                                                                                                                              • String ID: P%
                                                                                                                                                                                                                              • API String ID: 2147705588-2959514604
                                                                                                                                                                                                                              • Opcode ID: 634056c5d82886171c5826ebe08236f1ab83107b6a9b60c113236062154ca025
                                                                                                                                                                                                                              • Instruction ID: a392f66cc7a4393c07e568f2692e8b0165ab0fb2e4dec9662cfd9cf96ebf50ec
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 634056c5d82886171c5826ebe08236f1ab83107b6a9b60c113236062154ca025
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4A4165766146A18AD7208F26E44876D77A1F788F99F084232EE8987B59DF3CD145CB20
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2100572714.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6dff70000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: fclose$clearerrferror$_wfopenfreadfwrite
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 4075948245-0
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2100572714.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: fwprintf$___lc_codepage_func___mb_cur_max_funcfputwcmemsetstrlen
                                                                                                                                                                                                                              • String ID: %*.*S$%-*.*S$%.*S
                                                                                                                                                                                                                              • API String ID: 1485978544-2115465065
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ByteCharMultiWide$calloc
                                                                                                                                                                                                                              • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                                                                                                                                                                                                                              • API String ID: 1374691127-27947307
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ByteCharMultiWide$calloc
                                                                                                                                                                                                                              • String ID: Failed to encode filename as ANSI.$Failed to get ANSI buffer size.$Out of memory.$WideCharToMultiByte$win32_wcs_to_mbs
                                                                                                                                                                                                                              • API String ID: 1374691127-3831141058
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _errnostrerror$_strdupcalloc
                                                                                                                                                                                                                              • String ID: LOADER: failed to allocate argv_pyi: %s$LOADER: failed to strdup argv[%d]: %s
                                                                                                                                                                                                                              • API String ID: 4278403329-2782260415
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: freestrlen
                                                                                                                                                                                                                              • String ID: Failed to get _MEIPASS as PyObject.$Module object for %s is NULL!$_MEIPASS$_MEIPASS2$strict$utf-8
                                                                                                                                                                                                                              • API String ID: 322734593-568040347
                                                                                                                                                                                                                              • Opcode ID: 7a526db5fdafa739e6a8bdaf9888ecddec0414ce26d8671fe76357d577240bed
                                                                                                                                                                                                                              • Instruction ID: e8518395bc81662b837a93de50228821deddaa71410712a11e3d66e3c590b473
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7a526db5fdafa739e6a8bdaf9888ecddec0414ce26d8671fe76357d577240bed
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 13417C62F09A46A1EE159F26E84447D6360BF49FD4B884177EE2E873A4DE3CE465D300
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2100572714.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
• Associated: 00000000.00000002.2100557371.00007FF6DFF70000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2100593956.00007FF6DFF8A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2100611366.00007FF6DFF8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2100628838.00007FF6DFF95000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2100643740.00007FF6DFF99000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2100658058.00007FF6DFF9A000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2100672652.00007FF6DFF9D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6dff70000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ByteCharMultiWide$calloc
                                                                                                                                                                                                                              • String ID: %s%s: %s$Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
                                                                                                                                                                                                                              • API String ID: 1374691127-2292745976
                                                                                                                                                                                                                              • Opcode ID: ae36a3af2c446c5ec232e177f4e3447b6ea882bf452ebd8e328b24314d8fb46a
                                                                                                                                                                                                                              • Instruction ID: a06bbc942f7b06f367d388c3c42a3877dee9169ef41c31f784d905c65db84865
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ae36a3af2c446c5ec232e177f4e3447b6ea882bf452ebd8e328b24314d8fb46a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A711A561F0974284FA209B66EC502BD9352AF487A4F588637DE2DC76D1DE7CE124C300
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: free
                                                                                                                                                                                                                              • String ID: _image_data$exit$rename ::source ::_source$source$tclInit$tcl_findLibrary
                                                                                                                                                                                                                              • API String ID: 1294909896-1126984729
                                                                                                                                                                                                                              • Opcode ID: e7df9e5e9c9a22bf82ea4de0ef2a26f98d4efede9051a1b578dbcbab44cc7672
                                                                                                                                                                                                                              • Instruction ID: 33d603ea0ea8db5aa824c65d07c9247fe9ad312b5d5ffe7f46b8351212428843
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e7df9e5e9c9a22bf82ea4de0ef2a26f98d4efede9051a1b578dbcbab44cc7672
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B571D67AA18A4695EB109F22E8543AD7360FB48F89F444537DEAE87364DF7CD528C340
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: strlen
                                                                                                                                                                                                                              • String ID: %U?%llu$Failed to append PYZ entry to sys.path!$Installing PYZ: Could not get sys.path!$path$strict$utf-8
                                                                                                                                                                                                                              • API String ID: 39653677-372213108
                                                                                                                                                                                                                              • Opcode ID: ad6469434e16e444b467f2237217c5c1b6908c5ff4eac4261832d946bacd06fa
                                                                                                                                                                                                                              • Instruction ID: 8e58cf26accd32eb8e2fb2244b0d440959714c56669f2723740acffded19ea13
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ad6469434e16e444b467f2237217c5c1b6908c5ff4eac4261832d946bacd06fa
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3D112C66E09A1691EA109F2AF8540AD6360AF89FD4B844133DD2EC73A0EE3CE525C700
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: fwprintf$fputwc
                                                                                                                                                                                                                              • String ID: %*.*s$%-*.*s$%.*s
                                                                                                                                                                                                                              • API String ID: 2988249585-4054516066
                                                                                                                                                                                                                              • Opcode ID: d6417dfda2078b4447efd06462b0ebb0257d965d566ff2bcbec1a803eaf523e4
                                                                                                                                                                                                                              • Instruction ID: 470a58fe9e66724bbe8e8a8e223da522ea5263e7df3ead5fb2985e6253d07bb7
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d6417dfda2078b4447efd06462b0ebb0257d965d566ff2bcbec1a803eaf523e4
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BE71DCB6B04B8ACAD750CF2AC8815AD77E0F748B9CB118526EE5D87768DF38D550CB40
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: strlen$malloc
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3157260142-0
                                                                                                                                                                                                                              • Opcode ID: cd771d01ee20a4a004eb1f515599c7128b18be52d0559a66d9b4fa3e6a355d5b
                                                                                                                                                                                                                              • Instruction ID: 0675d6db0c8971358b7866bccb280e4f83368b4bbc989daf64ff1b6dfad210ff
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cd771d01ee20a4a004eb1f515599c7128b18be52d0559a66d9b4fa3e6a355d5b
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2611A042F1F58718FE6AA95329156BF8FC11F49FD8D084432DD6E8F781ED6CA8618340
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: DialogLongWindow$InvalidateRect
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1200242243-0
                                                                                                                                                                                                                              • Opcode ID: 28415b81cc461644b9bde5041361b6faa17e91a7d6b1d99a581dc0e61d36b3c2
                                                                                                                                                                                                                              • Instruction ID: 758476059aad64da1f9ea33b667355a24cf0f8d91833607470bf6581cebcb866
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 28415b81cc461644b9bde5041361b6faa17e91a7d6b1d99a581dc0e61d36b3c2
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AE01B531F1C46742F7782B2A68441BCA382EF99B51F5584B3DD1EC3B95CD3C68E29A01
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2100572714.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6dff70000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: CCG
                                                                                                                                                                                                                              • API String ID: 0-1584390748
                                                                                                                                                                                                                              • Opcode ID: d250d892eb8f1a517ca8d111c4faaae7f46539765e284bd4c425852093292da5
                                                                                                                                                                                                                              • Instruction ID: e78c2964a53f32d1a9ed32512d217c7ac9fb974b02fb810f8d47eec562e415e2
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d250d892eb8f1a517ca8d111c4faaae7f46539765e284bd4c425852093292da5
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0D412072E18606CAFB208B64C9543BE6361EB44758F114A37CA3DC77E8DE3CE5719641
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                • Part of subcall function 00007FF6DFF78EF0: MultiByteToWideChar.KERNEL32(?,?,WideCharToMultiByte,?,Failed to get UTF-8 buffer size.,?,00007FF6DFF72F00), ref: 00007FF6DFF78F26
                                                                                                                                                                                                                              • MessageBoxW.USER32 ref: 00007FF6DFF72D53
                                                                                                                                                                                                                              • MessageBoxA.USER32 ref: 00007FF6DFF72D7B
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2100572714.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6dff70000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                                                              • String ID: Failed to get UTF-8 buffer size.$WideCharToMultiByte
                                                                                                                                                                                                                              • API String ID: 1878133881-785100509
                                                                                                                                                                                                                              • Opcode ID: 7f5320ca9c022b5a5880cc99aba030728f2a4c067df74a4bd38cf457f7fd81ef
                                                                                                                                                                                                                              • Instruction ID: b926aa467ec84e4f2eb51ee7f183d300fb0ec4147c6839f7f52eaf8f8861ed6f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7f5320ca9c022b5a5880cc99aba030728f2a4c067df74a4bd38cf457f7fd81ef
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2501D23270878040EB301B26A8057EEA281A748BD5F488436CE4D57B85DE3CD596CB40
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2100572714.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6dff70000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ByteCharFileModuleMultiNameWide
                                                                                                                                                                                                                              • String ID: Failed to convert executable path to UTF-8.$Failed to get executable path.$GetModuleFileNameW
                                                                                                                                                                                                                              • API String ID: 1532159127-1977442011
                                                                                                                                                                                                                              • Opcode ID: 32aec0e32114a87591ef6c700c884524eb8b134af1a94f75ba6e9a037605cee3
                                                                                                                                                                                                                              • Instruction ID: f583215f5a875d78b95783f26efdf387e37190ee78a53fc549733cbb6ba6bcb9
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 32aec0e32114a87591ef6c700c884524eb8b134af1a94f75ba6e9a037605cee3
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3FF049A2F1C50381FA616B22AC453BD83519F497C4F444437EC2EC76AAEE1CEA6A9710
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2100572714.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6dff70000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: free$ByteCharMultiWide
                                                                                                                                                                                                                              • String ID: Failed to obtain/convert traceback!
                                                                                                                                                                                                                              • API String ID: 3219091393-982972847
                                                                                                                                                                                                                              • Opcode ID: c72f11a31188c5ad1fdffc2f5de9e9f27b8325dc9da19ccfbcf90b0df7aa0248
                                                                                                                                                                                                                              • Instruction ID: fc935b794c4ecc42dae60d055cef241e0147faffa363122169aa5537e3775994
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c72f11a31188c5ad1fdffc2f5de9e9f27b8325dc9da19ccfbcf90b0df7aa0248
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4B018441F1E29205FD6965BB09226BE83424F44FD0E5C8436ED1ECBF83ED2DE4218740
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2100572714.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6dff70000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: fprintf
                                                                                                                                                                                                                              • String ID: Unknown error$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                                                                                                                                              • API String ID: 383729395-3474627141
                                                                                                                                                                                                                              • Opcode ID: 23188349e83ee451bd10b25c6aa65908cd8bb1407ab069ba85c36fe8cde94703
                                                                                                                                                                                                                              • Instruction ID: ea7d7fa1beba4fb9b81b13a6b6b7af66ed2faf8db1383a30a18d23fb41ca7994
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 23188349e83ee451bd10b25c6aa65908cd8bb1407ab069ba85c36fe8cde94703
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 38215B66A04F849AEB118F69D8413EE7371FF59798F444622EE8C57724EF38D259C300
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Message_errno
                                                                                                                                                                                                                              • String ID: %s%s: %s$Fatal error detected
                                                                                                                                                                                                                              • API String ID: 1796756983-2410924014
                                                                                                                                                                                                                              • Opcode ID: d1cbbd953ca21beeb29a1fcc411e82e708ae5de07ba7f1a82297aa0e77065503
                                                                                                                                                                                                                              • Instruction ID: 3528331e711ed51f9038acbe8c82439837edfb55d7efaa6888778f9b2227a186
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d1cbbd953ca21beeb29a1fcc411e82e708ae5de07ba7f1a82297aa0e77065503
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 07016262A1C681D1F2209B22F8407EE6764FB94BD4F904232DF9C53B99CE3CD666CB44
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: fprintf
                                                                                                                                                                                                                              • String ID: Argument domain error (DOMAIN)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                                                                                                                                              • API String ID: 383729395-2713391170
                                                                                                                                                                                                                              • Opcode ID: 4bc73b72bde602d50bd6996f048aa5e1ed414ff175956bb87dcdf23f434c2120
                                                                                                                                                                                                                              • Instruction ID: f409264a34dc21a663902793d20d8ef256a9f8a28325509877978cebf4d50623
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4bc73b72bde602d50bd6996f048aa5e1ed414ff175956bb87dcdf23f434c2120
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 43015A66A04F848AE7118F69D8402AE7770FF4DB99F044722EF8D27724DF28C155C300
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: fprintf
                                                                                                                                                                                                                              • String ID: Argument singularity (SIGN)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                                                                                                                                              • API String ID: 383729395-2468659920
                                                                                                                                                                                                                              • Opcode ID: ff2b5c5fb687d91f0b221557c7184b2a53967751068dee2070be2c40401cae02
                                                                                                                                                                                                                              • Instruction ID: 4ec232df48cabf016e323973b6fb810d5ee70b24c5a579c74140d1a437babf19
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ff2b5c5fb687d91f0b221557c7184b2a53967751068dee2070be2c40401cae02
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1A014866A04F848AE7118F69D8402AE7770FF4DB99F044622EF8D2B724DF28C155C300
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: fprintf
                                                                                                                                                                                                                              • String ID: Overflow range error (OVERFLOW)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                                                                                                                                              • API String ID: 383729395-4064033741
                                                                                                                                                                                                                              • Opcode ID: 4a93ca5e65c98c494370446ff841bccd9ff8d068e8bfda7413ee571c7891f540
                                                                                                                                                                                                                              • Instruction ID: 40f3be69c8f015ed90040d3d59ad8a048c53a61d45ce2618f5cce828a7fa1eb9
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4a93ca5e65c98c494370446ff841bccd9ff8d068e8bfda7413ee571c7891f540
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 28015666A04F888AE7118F69D8402AE7770FF8DB99F048722EF8D6B725DF28C155C300
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: fprintf
                                                                                                                                                                                                                              • String ID: Partial loss of significance (PLOSS)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                                                                                                                                              • API String ID: 383729395-4283191376
                                                                                                                                                                                                                              • Opcode ID: 0d1aa399085a75b8b072d80d84b44118880c3291a941a9cf13af9718a2cff7b3
                                                                                                                                                                                                                              • Instruction ID: 7426d82e1fda0ca193de79dfe724d53d3241c4aeaeb8e865a7944e1d53d0f0a3
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0d1aa399085a75b8b072d80d84b44118880c3291a941a9cf13af9718a2cff7b3
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 91015A66A04F848AE7118F69D8402AE7770FF8DB99F044722EF8D67724DF28C155C300
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2100572714.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: fprintf
                                                                                                                                                                                                                              • String ID: Total loss of significance (TLOSS)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                                                                                                                                              • API String ID: 383729395-4273532761
                                                                                                                                                                                                                              • Opcode ID: f67ed119eb88b9fe41558e53022155db75d7e3d109680d0b53d5d3a77e47e22f
                                                                                                                                                                                                                              • Instruction ID: 9b497590dbd34f8225aeb5ebe17caa28a98b3b8d6606dc62705535b93449c97f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f67ed119eb88b9fe41558e53022155db75d7e3d109680d0b53d5d3a77e47e22f
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 32015A66A04F848AE7118F69D8402AE7770FF4DB99F044722EF8D67724DF28C155C300
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2100572714.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: fprintf
                                                                                                                                                                                                                              • String ID: The result is too small to be represented (UNDERFLOW)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                                                                                                                                              • API String ID: 383729395-2187435201
                                                                                                                                                                                                                              • Opcode ID: b97a8a5cf53c8f5fae4f755748c6196fedc78155e63a17b4b90822ca1f009b6f
                                                                                                                                                                                                                              • Instruction ID: 4044260a64d3866eecffe72d0060c1cebcefad0b55a0cc0e23d2225388023843
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b97a8a5cf53c8f5fae4f755748c6196fedc78155e63a17b4b90822ca1f009b6f
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3F014466A04F888AE7118F69D8402AE7770FB8DB99F048622EF9D6B724DF28C155C300
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2100572714.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: free
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1294909896-0
                                                                                                                                                                                                                              • Opcode ID: e32ea28c20312c466fe0eae4607c9c7db9732c83a98e376157454717f3c0b371
                                                                                                                                                                                                                              • Instruction ID: 989cc6f2cd2bf04213030c574eaab4401f27d8d3b2eb54f6acaa518a628baea1
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e32ea28c20312c466fe0eae4607c9c7db9732c83a98e376157454717f3c0b371
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3601B163E08515C2EB60DB36E4412BDA770FF88F58F258232CE1E87346CD28D8A2C784
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2100572714.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: free
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1294909896-0
                                                                                                                                                                                                                              • Opcode ID: f0bf0e9c3c52508d81d47e1dd12508dcc90c83752b35f5aea06d8c31e236c31f
                                                                                                                                                                                                                              • Instruction ID: 53d1c5cef05e611de79c153dfbf840d3de36754651e1243659b0dabcad704ec2
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f0bf0e9c3c52508d81d47e1dd12508dcc90c83752b35f5aea06d8c31e236c31f
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 40F08C91E0A51245FD69AA72E0203BD57205F44F84F148432CB2E97B82CE2DE862C314

                                                                                                                                                                                                                              Execution Graph

                                                                                                                                                                                                                              Execution Coverage:1.3%
                                                                                                                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                              Signature Coverage:5.8%
                                                                                                                                                                                                                              Total number of Nodes:1505
                                                                                                                                                                                                                              Total number of Limit Nodes:62
92812->92721 92813->92729 92815 7ff6dff7614e 92814->92815 92894 7ff6dff76110 92815->92894 92818 7ff6dff76257 92919 7ff6dff72d90 10 API calls 92818->92919 92820 7ff6dff76180 92821 7ff6dff7618f 92820->92821 92823 7ff6dff74210 4 API calls 92820->92823 92897 7ff6dff74210 92821->92897 92822 7ff6dff73b9d 92822->92739 92840 7ff6dff762a0 92822->92840 92826 7ff6dff761f9 92823->92826 92825 7ff6dff761a4 92827 7ff6dff761a9 92825->92827 92917 7ff6dff72d90 10 API calls 92825->92917 92828 7ff6dff761fe 92826->92828 92918 7ff6dff72d90 10 API calls 92826->92918 92907 7ff6dff78610 92827->92907 92910 7ff6dff74340 92828->92910 92833 7ff6dff761b1 92835 7ff6dff761bd 92833->92835 92836 7ff6dff76279 92833->92836 92916 7ff6dff75810 54 API calls 92835->92916 92920 7ff6dff72e70 10 API calls 92836->92920 92839 7ff6dff78610 12 API calls 92839->92821 92945 7ff6dff74870 calloc 92840->92945 92843 7ff6dff76462 92991 7ff6dff72d90 10 API calls 92843->92991 92844 7ff6dff762bc 92846 7ff6dff762cc 92844->92846 92847 7ff6dff76412 92844->92847 92849 7ff6dff762dd 92846->92849 92850 7ff6dff7647e 92846->92850 92988 7ff6dff72d90 10 API calls 92847->92988 92960 7ff6dff74c30 92849->92960 92992 7ff6dff72d90 10 API calls 92850->92992 92855 7ff6dff762f4 92856 7ff6dff762fc 92855->92856 92857 7ff6dff7642a 92855->92857 92860 7ff6dff76438 92856->92860 92861 7ff6dff7630f 92856->92861 92989 7ff6dff72d90 10 API calls 92857->92989 92859 7ff6dff7638d 92980 7ff6dff747e0 92859->92980 92990 7ff6dff72d90 10 API calls 92860->92990 92972 7ff6dff74d60 92861->92972 92864 7ff6dff7631a 92865 7ff6dff76446 92864->92865 92866 7ff6dff76322 92864->92866 92868 7ff6dff72d90 10 API calls 92865->92868 92867 7ff6dff75020 11 API calls 92866->92867 92869 7ff6dff7632d 92867->92869 92868->92859 92870 7ff6dff76454 92869->92870 92871 7ff6dff76335 92869->92871 92872 7ff6dff72d90 10 API calls 92870->92872 92873 7ff6dff76348 92871->92873 92874 7ff6dff76470 92871->92874 92872->92859 92876 7ff6dff763be fflush 92873->92876 92878 7ff6dff7634f 92873->92878 
92875 7ff6dff72d90 10 API calls 92874->92875 92875->92859 92877 7ff6dff763cd fflush 92876->92877 92877->92878 92878->92859 92879 7ff6dff72d90 10 API calls 92878->92879 92879->92859 92880 7ff6dff76490 strlen 92881 7ff6dff764cd 92880->92881 92882 7ff6dff765e9 92881->92882 92891 7ff6dff764d9 92881->92891 93026 7ff6dff72d90 10 API calls 92882->93026 92884 7ff6dff765c0 92884->92737 92885 7ff6dff765d8 92885->92737 92887 7ff6dff76583 93025 7ff6dff72d90 10 API calls 92887->93025 92890 7ff6dff7652b free 92890->92891 92891->92885 92891->92887 92891->92890 92999 7ff6dff71ac0 92891->92999 92892 7ff6dff76592 free 92892->92884 92893->92739 92921 7ff6dff80070 92894->92921 92929 7ff6dff74140 92897->92929 92900 7ff6dff742a8 92900->92825 92901 7ff6dff74254 strlen 92901->92900 92902 7ff6dff74269 92901->92902 92903 7ff6dff74279 strncat 92902->92903 92904 7ff6dff74290 92902->92904 92905 7ff6dff7427e 92903->92905 92906 7ff6dff74295 strlen 92904->92906 92905->92825 92906->92905 92908 7ff6dff78ef0 10 API calls 92907->92908 92909 7ff6dff78623 LoadLibraryExW free 92908->92909 92909->92833 92911 7ff6dff7434b 92910->92911 92912 7ff6dff78ef0 10 API calls 92911->92912 92913 7ff6dff74364 92912->92913 92932 7ff6dff7fdab 92913->92932 92916->92822 92917->92827 92918->92828 92919->92822 92920->92822 92922 7ff6dff800bb 92921->92922 92923 7ff6dff80092 92921->92923 92928 7ff6dff82185 fputc 92922->92928 92927 7ff6dff82185 fputc 92923->92927 92926 7ff6dff76134 92926->92818 92926->92820 92927->92926 92928->92926 92930 7ff6dff80070 fputc 92929->92930 92931 7ff6dff74164 92930->92931 92931->92900 92931->92901 92939 7ff6dff7fbc0 92932->92939 92934 7ff6dff7fdc7 92935 7ff6dff7fde8 free 92934->92935 92936 7ff6dff7fdf4 92934->92936 92935->92936 92937 7ff6dff74371 92936->92937 92938 7ff6dff7fdfa memset 92936->92938 92937->92821 92937->92839 92938->92937 92940 7ff6dff7fc21 92939->92940 92941 7ff6dff7fbdf 92939->92941 92940->92934 92941->92940 92942 7ff6dff7fbef wcslen 92941->92942 92942->92940 92944 7ff6dff7fc04 
92942->92944 92943 7ff6dff7fd56 malloc memcpy 92943->92940 92944->92940 92944->92943 92946 7ff6dff74b08 92945->92946 92955 7ff6dff7489e 92945->92955 92946->92843 92946->92844 92947 7ff6dff74b80 92948 7ff6dff74901 strncmp 92948->92955 92949 7ff6dff74925 strcmp 92949->92955 92950 7ff6dff749b0 calloc calloc 92952 7ff6dff74b00 92950->92952 92957 7ff6dff749e5 92950->92957 92951 7ff6dff74950 strcmp 92951->92955 92954 7ff6dff747e0 4 API calls 92952->92954 92953 7ff6dff74978 strcmp 92953->92955 92954->92946 92955->92947 92955->92948 92955->92949 92955->92950 92955->92951 92955->92953 92993 7ff6dff74670 strlen strncmp 92955->92993 92957->92946 92957->92952 92958 7ff6dff746e0 mbstowcs 92957->92958 92959 7ff6dff74670 strlen strncmp 92957->92959 92958->92957 92959->92957 92961 7ff6dff74ca8 92960->92961 92962 7ff6dff74c44 92960->92962 92996 7ff6dff74730 11 API calls 92961->92996 92963 7ff6dff74c46 92962->92963 92964 7ff6dff74c70 92962->92964 92966 7ff6dff74c98 92963->92966 92994 7ff6dff74730 11 API calls 92963->92994 92964->92966 92995 7ff6dff74730 11 API calls 92964->92995 92966->92855 92967 7ff6dff74cbe 92967->92855 92970 7ff6dff74c66 92970->92855 92971 7ff6dff74c8d 92971->92855 92973 7ff6dff74d6e 92972->92973 92997 7ff6dff747b0 fputc 92973->92997 92975 7ff6dff74dc9 92977 7ff6dff74e3d 92975->92977 92998 7ff6dff747b0 fputc 92975->92998 92978 7ff6dff74dff 92978->92977 92979 7ff6dff78ef0 10 API calls 92978->92979 92979->92978 92981 7ff6dff73bb3 92980->92981 92982 7ff6dff747ee 92980->92982 92981->92739 92981->92880 92983 7ff6dff74816 free 92982->92983 92984 7ff6dff74800 free 92982->92984 92985 7ff6dff74846 free 92983->92985 92986 7ff6dff74826 92983->92986 92984->92983 92984->92984 92985->92981 92987 7ff6dff74830 free 92986->92987 92987->92985 92987->92987 92988->92859 92989->92859 92990->92859 92991->92859 92992->92859 92993->92955 92994->92970 92995->92971 92996->92967 92997->92975 92998->92978 93000 7ff6dff744d0 11 API calls 92999->93000 93001 7ff6dff71ae2 93000->93001 93002 
7ff6dff71bf0 93001->93002 93003 7ff6dff71aee 93001->93003 93053 7ff6dff72d90 10 API calls 93002->93053 93027 7ff6dff7feb0 93003->93027 93007 7ff6dff71b98 93007->92891 93008 7ff6dff71b08 malloc 93010 7ff6dff71c06 93008->93010 93011 7ff6dff71b21 93008->93011 93009 7ff6dff71bd0 93052 7ff6dff72f10 11 API calls 93009->93052 93054 7ff6dff72f10 11 API calls 93010->93054 93013 7ff6dff71b2d 93011->93013 93014 7ff6dff71bb0 93011->93014 93017 7ff6dff71b48 fread 93013->93017 93018 7ff6dff71b35 93013->93018 93030 7ff6dff71710 93014->93030 93021 7ff6dff71b6d 93017->93021 93022 7ff6dff71b40 93017->93022 93019 7ff6dff71b90 fclose 93018->93019 93019->93007 93020 7ff6dff71bc1 93020->93019 93024 7ff6dff71b85 free 93020->93024 93051 7ff6dff72f10 11 API calls 93021->93051 93022->93017 93022->93019 93024->93018 93025->92892 93026->92884 93055 7ff6dff7fef0 93027->93055 93031 7ff6dff71779 93030->93031 93032 7ff6dff719fb 93031->93032 93033 7ff6dff71783 malloc 93031->93033 93062 7ff6dff72d90 10 API calls 93032->93062 93034 7ff6dff71a52 93033->93034 93035 7ff6dff71799 malloc 93033->93035 93064 7ff6dff72f10 11 API calls 93034->93064 93038 7ff6dff71a3b 93035->93038 93039 7ff6dff717af 93035->93039 93063 7ff6dff72f10 11 API calls 93038->93063 93040 7ff6dff717b3 fread 93039->93040 93043 7ff6dff718f5 93039->93043 93045 7ff6dff718c4 93039->93045 93046 7ff6dff71852 fwrite 93039->93046 93042 7ff6dff717db ferror 93040->93042 93040->93043 93042->93039 93042->93043 93044 7ff6dff71902 free free 93043->93044 93044->93020 93045->93043 93061 7ff6dff72d90 10 API calls 93045->93061 93048 7ff6dff719ed 93046->93048 93049 7ff6dff7187a ferror 93046->93049 93048->93045 93049->93048 93050 7ff6dff7188f 93049->93050 93050->93039 93051->93024 93052->93018 93053->93007 93054->93018 93056 7ff6dff7ff36 93055->93056 93060 7ff6dff7ff0a 93055->93060 93057 7ff6dff7ff78 _errno 93056->93057 93056->93060 93059 7ff6dff71b00 93057->93059 93058 7ff6dff7ff8a fsetpos 93058->93059 93059->93008 93059->93009 93060->93058 93060->93059 
93061->93043 93062->93039 93063->93034 93064->93034 93066 7ff6dff80070 fputc 93065->93066 93067 7ff6dff71a9d 93066->93067 93067->92747 93067->92759 93069 7ff6dff744d0 11 API calls 93068->93069 93070 7ff6dff71f3a 93069->93070 93071 7ff6dff7211c 93070->93071 93072 7ff6dff78a10 5 API calls 93070->93072 93110 7ff6dff72f10 11 API calls 93071->93110 93073 7ff6dff71f73 93072->93073 93074 7ff6dff71f7b 93073->93074 93077 7ff6dff7feb0 2 API calls 93073->93077 93076 7ff6dff71f80 fclose 93074->93076 93076->92750 93079 7ff6dff71fa5 93077->93079 93078 7ff6dff7213e 93078->93078 93080 7ff6dff71fad fread 93079->93080 93081 7ff6dff720d0 93079->93081 93082 7ff6dff71fcd 93080->93082 93083 7ff6dff720e3 93080->93083 93107 7ff6dff72f10 11 API calls 93081->93107 93085 7ff6dff7feb0 2 API calls 93082->93085 93108 7ff6dff72f10 11 API calls 93083->93108 93087 7ff6dff72016 malloc 93085->93087 93087->93071 93089 7ff6dff72032 fread 93087->93089 93088 7ff6dff72103 93109 7ff6dff72d90 10 API calls 93088->93109 93090 7ff6dff72048 93089->93090 93091 7ff6dff720b0 93089->93091 93090->93088 93095 7ff6dff72066 93090->93095 93106 7ff6dff72f10 11 API calls 93091->93106 93094 7ff6dff720c3 93094->93081 93095->93076 93097 7ff6dff7417c 93096->93097 93098 7ff6dff74140 fputc 93097->93098 93099 7ff6dff7419e 93098->93099 93100 7ff6dff722cb 93099->93100 93111 7ff6dff7f220 93099->93111 93104 7ff6dff721d0 strlen strncmp 93100->93104 93103 7ff6dff74140 fputc 93103->93100 93104->92754 93105->92759 93106->93094 93107->93083 93108->93088 93109->93071 93110->93078 93112 7ff6dff7f244 93111->93112 93113 7ff6dff7f25f setlocale 93112->93113 93114 7ff6dff7f24f _strdup 93112->93114 93115 7ff6dff7f6ab wcstombs realloc wcstombs setlocale free 93113->93115 93116 7ff6dff7f27e 93113->93116 93114->93113 93117 7ff6dff741b2 93115->93117 93116->93115 93118 7ff6dff7f28d mbstowcs 93116->93118 93117->93103 93119 7ff6dff7ee70 93118->93119 93120 7ff6dff7f2e6 mbstowcs 93119->93120 93121 7ff6dff7f39b 93120->93121 93122 7ff6dff7f334 
93120->93122 93123 7ff6dff7f6a1 93121->93123 93125 7ff6dff7f3cb 93121->93125 93122->93121 93124 7ff6dff7f375 setlocale free 93122->93124 93123->93115 93124->93117 93126 7ff6dff7f44a wcstombs realloc wcstombs 93125->93126 93130 7ff6dff7f44f wcstombs 93125->93130 93128 7ff6dff7f67e setlocale free 93126->93128 93128->93117 93130->93128 93131 7ff6dff7f5d5 93130->93131 93131->93128 93135 7ff6dff7ffc0 fgetpos 93132->93135 93136 7ff6dff7ffb8 93135->93136 93136->92781 93137 7ff8a8654d34 93138 7ff8a8654d40 93137->93138 93139 7ff8a8654d94 93138->93139 93140 7ff8a8654d64 ERR_put_error 93138->93140 93176 7ff8a8631073 93139->93176 93141 7ff8a8654d82 93140->93141 93143 7ff8a8654da0 93143->93141 93187 7ff8a8631d9d 93143->93187 93145 7ff8a8654dae 93146 7ff8a8654e18 CRYPTO_zalloc 93145->93146 93147 7ff8a8654db2 ERR_put_error 93145->93147 93148 7ff8a8654dd4 ERR_put_error 93146->93148 93149 7ff8a8654e37 CRYPTO_THREAD_lock_new 93146->93149 93147->93148 93191 7ff8a863214e 43 API calls 93148->93191 93153 7ff8a8654e7e ERR_put_error CRYPTO_free 93149->93153 93154 7ff8a8654eb8 93149->93154 93175 7ff8a8654e01 93153->93175 93154->93148 93155 7ff8a8654ede OPENSSL_LH_new 93154->93155 93155->93148 93156 7ff8a8654efe 93155->93156 93156->93148 93157 7ff8a8654f71 OPENSSL_sk_num 93156->93157 93157->93148 93158 7ff8a8654f82 93157->93158 93158->93148 93159 7ff8a8654f97 EVP_get_digestbyname 93158->93159 93159->93148 93160 7ff8a8654fbf EVP_get_digestbyname 93159->93160 93160->93148 93161 7ff8a8654fe7 OPENSSL_sk_new_null 93160->93161 93161->93148 93162 7ff8a8654ffc OPENSSL_sk_new_null 93161->93162 93162->93148 93163 7ff8a8655011 CRYPTO_new_ex_data 93162->93163 93163->93148 93164 7ff8a865502d 93163->93164 93164->93148 93165 7ff8a865506d RAND_bytes 93164->93165 93192 7ff8a863129e CRYPTO_THREAD_run_once 93164->93192 93166 7ff8a8655098 RAND_priv_bytes 93165->93166 93167 7ff8a86550c6 93165->93167 93166->93167 93169 7ff8a86550ad RAND_priv_bytes 93166->93169 93170 7ff8a86550d0 RAND_priv_bytes 93167->93170 
93169->93167 93169->93170 93170->93148 93172 7ff8a86550e9 93170->93172 93171 7ff8a8655066 93171->93165 93172->93148 93173 7ff8a86550f9 93172->93173 93193 7ff8a8631f3c 6 API calls 93173->93193 93176->93143 93177 7ff8a86533d0 93176->93177 93178 7ff8a865342c 93177->93178 93179 7ff8a86533ec 93177->93179 93180 7ff8a865341f 93178->93180 93182 7ff8a865344b CRYPTO_THREAD_run_once 93178->93182 93179->93180 93181 7ff8a86533f5 ERR_put_error 93179->93181 93180->93143 93181->93180 93182->93180 93183 7ff8a865346f 93182->93183 93184 7ff8a8653498 93183->93184 93185 7ff8a8653476 CRYPTO_THREAD_run_once 93183->93185 93184->93180 93186 7ff8a865349f CRYPTO_THREAD_run_once 93184->93186 93185->93180 93185->93184 93186->93180 93187->93145 93188 7ff8a864a9b0 93187->93188 93189 7ff8a864a9ba CRYPTO_THREAD_run_once 93188->93189 93190 7ff8a864a9e4 93189->93190 93190->93145 93191->93175 93192->93171 93193->93175 93194 7ff8a8631e33 93195 7ff8a8648e70 93194->93195 93196 7ff8a8648ed9 93195->93196 93197 7ff8a8648ef5 BIO_ctrl 93195->93197 93198 7ff8a8648f14 93197->93198 94122 7ff8a86e2e5f 94124 7ff8a88aae60 94122->94124 94123 7ff8a88aae97 94124->94123 94128 7ff8a88ab9b0 memmove 94124->94128 94126 7ff8a88aaf6f 94126->94123 94129 7ff8a88ab9b0 memmove 94126->94129 94128->94126 94129->94123 93199 61cc6580 PySys_GetObject 93200 61cc65af PyTuple_GetItem 93199->93200 93201 61cc6be6 93199->93201 93200->93201 93202 61cc65c6 PyLong_AsLong PyTuple_GetItem 93200->93202 93202->93201 93203 61cc65eb PyLong_AsLong PySys_GetObject 93202->93203 93204 61cc6606 PyLong_AsVoidPtr 93203->93204 93205 61cc6612 GetProcAddress GetProcAddress GetProcAddress PyModule_Create2 93203->93205 93204->93205 93205->93201 93206 61cc66a6 PyModule_GetName 93205->93206 93206->93201 93207 61cc66bb strrchr 93206->93207 93208 61cc670f 93207->93208 93209 61cc66d8 malloc 93207->93209 93211 61cc6e10 93208->93211 93212 61cc672e 93208->93212 93209->93208 93210 61cc66f2 memcpy 93209->93210 93210->93208 93215 61cc7577 exit 93211->93215 93226 
61cc6a3c 93211->93226 93393 61cc13c0 PySys_GetObject PyUnicode_AsUTF8AndSize getenv PySys_GetObject PyErr_Clear 93211->93393 93213 61cc72b9 93212->93213 93214 61cc6743 PyBytes_FromStringAndSize 93212->93214 93218 61cc72c9 93213->93218 93219 61cc73f7 93213->93219 93216 61cc6be0 93214->93216 93217 61cc6761 PyBytes_AsString 93214->93217 93216->93201 93221 61cc6c16 _Py_Dealloc 93216->93221 93222 61cc677a malloc 93217->93222 93223 61cc6c00 93217->93223 93218->93215 93396 61cc13c0 PySys_GetObject PyUnicode_AsUTF8AndSize getenv PySys_GetObject PyErr_Clear 93218->93396 93397 61cc1660 13 API calls 93219->93397 93221->93201 93222->93223 93227 61cc6791 PyCMethod_New 93222->93227 93223->93216 93233 61cc6c0a _Py_Dealloc 93223->93233 93224 61cc6e40 93224->93226 93229 61cc6e4c PyErr_Format 93224->93229 93235 61cc72e9 PyErr_Format 93226->93235 93238 61cc7294 93226->93238 93244 61cc753d 93226->93244 93245 61cc6a57 93226->93245 93231 61cc67d9 PyCMethod_New 93227->93231 93232 61cc6c21 93227->93232 93236 61cc6e80 93229->93236 93230 61cc6a74 93230->93219 93237 61cc6a7c 93230->93237 93231->93232 93239 61cc681f PyCMethod_New 93231->93239 93240 61cc6c2f 93232->93240 93241 61cc6d60 _Py_Dealloc 93232->93241 93233->93201 93233->93221 93249 61cc731f 93235->93249 93236->93216 93250 61cc6e9b PyBytes_AsStringAndSize 93236->93250 93387 61cdfee0 31 API calls 93237->93387 93239->93232 93246 61cc6865 PyBytes_FromStringAndSize 93239->93246 93240->93223 93241->93226 93405 61cc1660 13 API calls 93244->93405 93245->93216 93245->93238 93335 61cdf680 93245->93335 93246->93216 93248 61cc6896 PyBytes_AsString 93246->93248 93247 61cc6ac7 93251 61cc6acf 93247->93251 93252 61cc7505 93247->93252 93253 61cd42f0 93248->93253 93254 61cc7330 93249->93254 93255 61cc7472 93249->93255 93250->93216 93274 61cc6eb7 93250->93274 93257 61cc6adb 93251->93257 93258 61cc74e7 93251->93258 93404 61cc1660 13 API calls 93252->93404 93259 61cc6974 _time64 srand 93253->93259 93254->93215 93282 61cc7343 93254->93282 93400 61cc80e0 7 
API calls 93255->93400 93264 61cc6c35 malloc 93257->93264 93267 61cc6b19 strstr 93257->93267 93268 61cc6b74 93257->93268 93403 61cc1660 13 API calls 93258->93403 93381 61cddc80 __iob_func abort 93259->93381 93262 61cc6f12 93262->93255 93272 61cc6f39 memcpy 93262->93272 93263 61cc6d3e 93263->93216 93334 61cc6d46 93263->93334 93269 61cc7529 _errno 93264->93269 93270 61cc6c50 93264->93270 93266 61cc6ef5 93394 61cc80e0 7 API calls 93266->93394 93267->93268 93275 61cc6b35 93267->93275 93278 61cc6b85 93268->93278 93279 61cc7520 93268->93279 93276 61cc7440 93269->93276 93389 61cc7d90 memcpy strlen memcpy __iob_func abort 93270->93389 93271 61cc69ae 93271->93249 93382 61cde0f0 10 API calls 93271->93382 93272->93226 93281 61cc6f4f _Py_Dealloc 93272->93281 93274->93262 93274->93266 93275->93268 93283 61cc6b50 strncmp 93275->93283 93398 61cc7fe0 8 API calls 93276->93398 93278->93215 93284 61cc6b9c 93278->93284 93279->93269 93281->93226 93288 61cc7363 PyErr_Format 93282->93288 93283->93264 93283->93268 93388 61cc13c0 PySys_GetObject PyUnicode_AsUTF8AndSize getenv PySys_GetObject PyErr_Clear 93284->93388 93285 61cc6c73 93390 61d3f060 __iob_func abort 93285->93390 93288->93216 93290 61cc69c3 93290->93249 93383 61cdde60 10 API calls 93290->93383 93292 61cc744a _errno 93292->93216 93293 61cc6ba9 93297 61cc749c 93293->93297 93298 61cc6bb5 PyErr_Format 93293->93298 93294 61cc6c8f 93295 61cc7457 93294->93295 93296 61cc6c97 93294->93296 93399 61cc1660 13 API calls 93295->93399 93301 61cc6ca9 malloc 93296->93301 93302 61cc6ca4 free 93296->93302 93306 61cc74ab 93297->93306 93298->93216 93304 61cc6cc6 memcpy 93301->93304 93305 61cc7431 _errno 93301->93305 93302->93301 93303 61cc69d8 93303->93249 93384 61cdd890 10 API calls 93303->93384 93307 61cc6ce7 93304->93307 93308 61cc6f80 93304->93308 93305->93276 93401 61cc1660 13 API calls 93306->93401 93311 61cc6ced 93307->93311 93312 61cc6da0 93307->93312 93308->93215 93330 61cc7383 93308->93330 93395 61cc13c0 PySys_GetObject 
PyUnicode_AsUTF8AndSize getenv PySys_GetObject PyErr_Clear 93308->93395 93316 61cc6d07 malloc 93311->93316 93317 61cc6d02 free 93311->93317 93326 61cc6d36 93311->93326 93312->93215 93312->93330 93392 61cc13c0 PySys_GetObject PyUnicode_AsUTF8AndSize getenv PySys_GetObject PyErr_Clear 93312->93392 93313 61cc69ed 93314 61cc74c9 93313->93314 93315 61cc69fb 93313->93315 93402 61cc1660 13 API calls 93314->93402 93385 61cddb30 10 API calls 93315->93385 93323 61cc6d24 memcpy 93316->93323 93324 61cc7563 _errno 93316->93324 93317->93316 93322 61cc6a07 93322->93306 93386 61cdd9e0 10 API calls 93322->93386 93323->93326 93324->93276 93325 61cc6fb1 93328 61cc6fbd PyErr_Format 93325->93328 93325->93330 93326->93263 93391 61cc4050 209 API calls 93326->93391 93327 61cc6dd1 93329 61cc6ddd PyErr_Format 93327->93329 93327->93330 93328->93216 93329->93216 93330->93235 93333 61cc6a21 93333->93226 93333->93236 93333->93244 93334->93201 93336 61cdfafc 93335->93336 93337 61cdf6a0 93335->93337 93339 61cdd820 2 API calls 93336->93339 93338 61cdfae3 93337->93338 93341 61cdf6bb 93337->93341 93342 61cdfaca 93337->93342 93343 61cdd820 2 API calls 93338->93343 93340 61cdfb15 93339->93340 93344 61cdfd05 93340->93344 93348 61cdfb5d 93340->93348 93349 61cdfcec 93340->93349 93406 61ce1330 93341->93406 93415 61cdd820 __iob_func 93342->93415 93343->93336 93347 61cdd820 2 API calls 93344->93347 93351 61cdfd1e 93347->93351 93348->93351 93365 61cdfb66 93348->93365 93354 61cdd820 2 API calls 93349->93354 93355 61cdd820 2 API calls 93351->93355 93352 61cdf715 calloc 93357 61cdf734 93352->93357 93363 61cdf818 93352->93363 93353 61cdf703 93353->93230 93354->93344 93372 61cdfc46 93355->93372 93356 61cdfb70 93356->93230 93410 61ce23e0 6 API calls 93357->93410 93359 61cdf76a 93360 61cdf76e 93359->93360 93361 61cdf7e0 93359->93361 93411 61ce2270 __iob_func abort calloc free 93360->93411 93412 61ce2270 __iob_func abort calloc free 93361->93412 93369 61cdfa40 93363->93369 93370 61cdf8d3 93363->93370 93377 61cdf7c4 
93363->93377 93365->93356 93366 61ce1330 24 API calls 93365->93366 93367 61cdfbc2 93366->93367 93367->93356 93367->93372 93378 61cdfbd8 93367->93378 93368 61cdf7ce free 93368->93353 93369->93377 93414 61ce2270 __iob_func abort calloc free 93369->93414 93370->93377 93413 61ce2270 __iob_func abort calloc free 93370->93413 93371 61ce1330 24 API calls 93371->93372 93372->93371 93379 61cdfcd1 93372->93379 93420 61ce4ae0 __iob_func abort 93372->93420 93377->93368 93378->93372 93378->93379 93418 61ce1600 __iob_func abort calloc free free 93378->93418 93379->93372 93419 61ce1600 __iob_func abort calloc free free 93379->93419 93381->93271 93382->93290 93383->93303 93384->93313 93385->93322 93386->93333 93387->93247 93388->93293 93389->93285 93390->93294 93391->93263 93392->93327 93393->93224 93394->93216 93395->93325 93396->93235 93397->93216 93398->93292 93399->93263 93400->93216 93401->93216 93402->93263 93403->93263 93404->93263 93405->93216 93407 61ce1367 93406->93407 93408 61cdf6fd 93406->93408 93407->93408 93421 61cdc540 93407->93421 93408->93352 93408->93353 93410->93359 93411->93377 93412->93363 93413->93377 93414->93377 93416 61d415f0 93415->93416 93417 61cdd851 abort 93416->93417 93418->93378 93419->93379 93420->93372 93422 61cdc549 93421->93422 93423 61cdc554 93421->93423 93422->93407 93424 61cdd820 2 API calls 93423->93424 93425 61cdc56d 93424->93425 93426 61cdc579 93425->93426 93427 61cdd820 2 API calls 93425->93427 93426->93407 93428 61cdc5b1 93427->93428 93429 61cdc5c9 93428->93429 93430 61cdd820 2 API calls 93428->93430 93429->93407 93431 61cdc600 93430->93431 93432 61cdc619 93431->93432 93433 61cdc625 93431->93433 93730 61cecae0 memset memset rand memset 93432->93730 93435 61cdd820 2 API calls 93433->93435 93441 61cdc63e 93435->93441 93436 61cdc61e 93436->93407 93437 61cdc6d2 93439 61cdd820 2 API calls 93437->93439 93438 61cdc6b9 93440 61cdd820 2 API calls 93438->93440 93453 61cdc6eb 93439->93453 93440->93437 93441->93437 93441->93438 93442 61cdc6a0 
93441->93442 93444 61cdc65c 93441->93444 93445 61cdc687 93441->93445 93443 61cdd820 2 API calls 93442->93443 93443->93438 93731 61ce8460 9 API calls 93444->93731 93447 61cdd820 2 API calls 93445->93447 93446 61cdc782 93450 61cdd820 2 API calls 93446->93450 93447->93442 93449 61cdc769 93451 61cdd820 2 API calls 93449->93451 93455 61cdc79b 93450->93455 93451->93446 93452 61cdc661 93452->93407 93453->93446 93453->93449 93454 61cdc750 93453->93454 93457 61cdc70c 93453->93457 93458 61cdc737 93453->93458 93456 61cdd820 2 API calls 93454->93456 93459 61cdc7ab 93455->93459 93460 61cdd820 2 API calls 93455->93460 93456->93449 93732 61ce8070 9 API calls 93457->93732 93461 61cdd820 2 API calls 93458->93461 93463 61cdc7b0 93459->93463 93464 61cdd820 2 API calls 93459->93464 93460->93459 93461->93454 93463->93407 93466 61cdc823 93464->93466 93465 61cdc711 93465->93407 93467 61cdca62 93466->93467 93469 61cdd820 2 API calls 93466->93469 93480 61cdc848 93466->93480 93468 61cdd820 2 API calls 93467->93468 93470 61cdca7b 93468->93470 93469->93467 93471 61cdca89 93470->93471 93472 61cdd820 2 API calls 93470->93472 93473 61cdca8e 93471->93473 93474 61cdd820 2 API calls 93471->93474 93472->93471 93473->93407 93475 61cdcacc 93474->93475 93476 61cdcad9 93475->93476 93477 61cdcaf2 93475->93477 93478 61cdcb24 93476->93478 93481 61cdcb0b 93476->93481 93482 61cdcae3 93476->93482 93479 61cdd820 2 API calls 93477->93479 93483 61cdd820 2 API calls 93478->93483 93479->93481 93480->93407 93486 61cdd820 2 API calls 93481->93486 93733 61cecdd0 memset memcpy memset memset 93482->93733 93484 61cdcb3d 93483->93484 93487 61cdcb49 93484->93487 93490 61cdd820 2 API calls 93484->93490 93486->93478 93489 61cdcb91 93487->93489 93491 61cdcb53 93487->93491 93493 61cdd820 2 API calls 93487->93493 93488 61cdcaeb 93488->93407 93492 61cdd820 2 API calls 93489->93492 93490->93487 93491->93407 93494 61cdcbaa 93492->93494 93493->93489 93495 61cdcbcf 93494->93495 93496 61cdcbb9 93494->93496 93497 61cdd820 2 API calls 
93495->93497 93498 61cdcc01 93496->93498 93499 61cdcbe8 93496->93499 93501 61cdcbc3 93496->93501 93497->93499 93500 61cdd820 2 API calls 93498->93500 93503 61cdd820 2 API calls 93499->93503 93504 61cdcc1a 93500->93504 93734 61ce7fb0 memset memset 93501->93734 93503->93498 93506 61cdcc29 93504->93506 93507 61cdd820 2 API calls 93504->93507 93505 61cdcbc8 93505->93407 93508 61cdd820 2 API calls 93506->93508 93512 61cdcc2e 93506->93512 93507->93506 93509 61cdcc7e 93508->93509 93510 61cdcc9f 93509->93510 93511 61cdcc89 93509->93511 93514 61cdd820 2 API calls 93510->93514 93513 61cdccd1 93511->93513 93515 61cdccb8 93511->93515 93516 61cdcc93 93511->93516 93512->93407 93517 61cdd820 2 API calls 93513->93517 93514->93515 93519 61cdd820 2 API calls 93515->93519 93735 61ce83a0 memset memset 93516->93735 93520 61cdccea 93517->93520 93519->93513 93522 61cdd820 2 API calls 93520->93522 93524 61cdccf9 93520->93524 93521 61cdcc98 93521->93407 93523 61cdcd30 93522->93523 93525 61cdcd49 93523->93525 93526 61cdcd5a 93523->93526 93524->93407 93527 61cdcd4e 93525->93527 93528 61cdcd73 93525->93528 93529 61cdd820 2 API calls 93526->93529 93736 61ce98f0 memset 93527->93736 93531 61cdd820 2 API calls 93528->93531 93529->93528 93532 61cdcd8c 93531->93532 93534 61cdcd9d 93532->93534 93535 61cdcdc4 93532->93535 93533 61cdcd53 93533->93407 93536 61cdcddd 93534->93536 93537 61cdcda2 93534->93537 93538 61cdd820 2 API calls 93535->93538 93540 61cdd820 2 API calls 93536->93540 93737 61d09f00 16 API calls 93537->93737 93538->93536 93546 61cdcdf6 93540->93546 93541 61cdcdb1 93541->93407 93542 61cdce92 93544 61cdd820 2 API calls 93542->93544 93543 61cdce79 93545 61cdd820 2 API calls 93543->93545 93548 61cdceab 93544->93548 93545->93542 93546->93542 93546->93543 93547 61cdce60 93546->93547 93550 61cdce1c 93546->93550 93551 61cdce47 93546->93551 93549 61cdd820 2 API calls 93547->93549 93552 61cdd820 2 API calls 93548->93552 93549->93543 93738 61ceca50 16 API calls 93550->93738 93553 61cdd820 2 API 
calls 93551->93553 93555 61cdcedb 93552->93555 93553->93547 93557 61cdcee9 93555->93557 93558 61cdcefa 93555->93558 93556 61cdce21 93556->93407 93559 61cdceee 93557->93559 93560 61cdcf13 93557->93560 93561 61cdd820 2 API calls 93558->93561 93739 61cecbd0 memset memset 93559->93739 93563 61cdd820 2 API calls 93560->93563 93561->93560 93565 61cdcf2c 93563->93565 93564 61cdcef3 93564->93407 93566 61cdcf3d calloc 93565->93566 93567 61cdcf5e 93565->93567 93566->93407 93568 61cdd820 2 API calls 93567->93568 93569 61cdcf77 93568->93569 93570 61cdd010 93569->93570 93571 61cdcff7 93569->93571 93572 61cdcf97 calloc 93569->93572 93573 61cdd820 2 API calls 93570->93573 93575 61cdd820 2 API calls 93571->93575 93574 61cdcfe1 93572->93574 93582 61cdcfb3 93572->93582 93576 61cdd029 93573->93576 93574->93407 93575->93570 93577 61cdd0a9 93576->93577 93579 61cdd090 93576->93579 93580 61cdd077 93576->93580 93581 61cdd043 93576->93581 93578 61cdd820 2 API calls 93577->93578 93584 61cdd0c2 93578->93584 93583 61cdd820 2 API calls 93579->93583 93586 61cdd820 2 API calls 93580->93586 93740 61d09870 10 API calls 93581->93740 93582->93574 93589 61cdcfd9 free 93582->93589 93583->93577 93587 61cdd149 93584->93587 93591 61cdd130 93584->93591 93592 61cdd117 93584->93592 93593 61cdd0e3 93584->93593 93586->93579 93590 61cdd820 2 API calls 93587->93590 93588 61cdd048 93588->93407 93589->93574 93601 61cdd162 93590->93601 93594 61cdd820 2 API calls 93591->93594 93596 61cdd820 2 API calls 93592->93596 93741 61d1ac60 9 API calls 93593->93741 93594->93587 93596->93591 93597 61cdd202 93600 61cdd820 2 API calls 93597->93600 93598 61cdd0e8 93598->93407 93599 61cdd1e9 93604 61cdd820 2 API calls 93599->93604 93603 61cdd21b 93600->93603 93601->93597 93601->93599 93602 61cdd1d0 93601->93602 93605 61cdd18c 93601->93605 93606 61cdd1b7 93601->93606 93609 61cdd820 2 API calls 93602->93609 93607 61cdd23f 93603->93607 93608 61cdd229 93603->93608 93604->93597 93742 61d09620 9 API calls 93605->93742 93613 61cdd820 2 
APIs
• PySys_GetObject.PYTHON310 ref: 61CC65A1
• PyTuple_GetItem.PYTHON310 ref: 61CC65BB
• PyLong_AsLong.PYTHON310 ref: 61CC65D0
• PyTuple_GetItem.PYTHON310 ref: 61CC65E0
• PyLong_AsLong.PYTHON310 ref: 61CC65EE
• PySys_GetObject.PYTHON310 ref: 61CC65FD
• PyLong_AsVoidPtr.PYTHON310 ref: 61CC6609
• GetProcAddress.KERNEL32 ref: 61CC662E
• GetProcAddress.KERNEL32 ref: 61CC664C
• GetProcAddress.KERNEL32 ref: 61CC666A
• PyModule_Create2.PYTHON310 ref: 61CC6694
• PyModule_GetName.PYTHON310 ref: 61CC66A9
• strrchr.MSVCRT ref: 61CC66CE
• malloc.MSVCRT ref: 61CC66E4
• memcpy.MSVCRT ref: 61CC66FE
• PyBytes_FromStringAndSize.PYTHON310 ref: 61CC6751
• PyBytes_AsString.PYTHON310 ref: 61CC676B
• malloc.MSVCRT ref: 61CC677F
• PyCMethod_New.PYTHON310 ref: 61CC67CD
• PyCMethod_New.PYTHON310 ref: 61CC6813
• PyCMethod_New.PYTHON310 ref: 61CC6859
• PyBytes_FromStringAndSize.PYTHON310 ref: 61CC6883
• PyBytes_AsString.PYTHON310 ref: 61CC6899
• _time64.MSVCRT ref: 61CC6976
• srand.MSVCRT ref: 61CC697E
• strstr.MSVCRT ref: 61CC6B25
• strncmp.MSVCRT ref: 61CC6B61
• PyErr_Format.PYTHON310 ref: 61CC6BD4
• _Py_Dealloc.PYTHON310 ref: 61CC6C0A
• _Py_Dealloc.PYTHON310 ref: 61CC6C19
• malloc.MSVCRT ref: 61CC6C3A
• free.MSVCRT ref: 61CC6CA4
• malloc.MSVCRT ref: 61CC6CB0
• memcpy.MSVCRT ref: 61CC6CD3
• free.MSVCRT ref: 61CC6D02
• malloc.MSVCRT ref: 61CC6D0E
• memcpy.MSVCRT ref: 61CC6D31
                                                                                                                                                                                                                              • PyErr_Format.PYTHON310 ref: 61CC7378
                                                                                                                                                                                                                                • Part of subcall function 61CDE0F0: memcmp.MSVCRT ref: 61CDE123
                                                                                                                                                                                                                                • Part of subcall function 61CDE0F0: memcmp.MSVCRT ref: 61CDE140
                                                                                                                                                                                                                                • Part of subcall function 61CDE0F0: memcmp.MSVCRT ref: 61CDE162
                                                                                                                                                                                                                                • Part of subcall function 61CDE0F0: memcmp.MSVCRT ref: 61CDE182
                                                                                                                                                                                                                                • Part of subcall function 61CDE0F0: memcmp.MSVCRT ref: 61CDE1A2
                                                                                                                                                                                                                                • Part of subcall function 61CDE0F0: memcmp.MSVCRT ref: 61CDE1C2
                                                                                                                                                                                                                                • Part of subcall function 61CDE0F0: memcmp.MSVCRT ref: 61CDE1E2
                                                                                                                                                                                                                                • Part of subcall function 61CDE0F0: memcmp.MSVCRT ref: 61CDE202
                                                                                                                                                                                                                                • Part of subcall function 61CDDE60: memcmp.MSVCRT ref: 61CDDE93
                                                                                                                                                                                                                                • Part of subcall function 61CDDE60: memcmp.MSVCRT ref: 61CDDEB3
                                                                                                                                                                                                                                • Part of subcall function 61CDDE60: memcmp.MSVCRT ref: 61CDDED5
                                                                                                                                                                                                                                • Part of subcall function 61CDDE60: memcmp.MSVCRT ref: 61CDDEF5
                                                                                                                                                                                                                                • Part of subcall function 61CDDE60: memcmp.MSVCRT ref: 61CDDF15
                                                                                                                                                                                                                                • Part of subcall function 61CDDE60: memcmp.MSVCRT ref: 61CDDF35
                                                                                                                                                                                                                                • Part of subcall function 61CDDE60: memcmp.MSVCRT ref: 61CDDF55
                                                                                                                                                                                                                                • Part of subcall function 61CDDE60: memcmp.MSVCRT ref: 61CDDF75
                                                                                                                                                                                                                                • Part of subcall function 61CDD890: strcmp.MSVCRT ref: 61CDD8BB
                                                                                                                                                                                                                                • Part of subcall function 61CDD890: strcmp.MSVCRT ref: 61CDD8E5
                                                                                                                                                                                                                                • Part of subcall function 61CDD890: strcmp.MSVCRT ref: 61CDD904
                                                                                                                                                                                                                                • Part of subcall function 61CDD890: strcmp.MSVCRT ref: 61CDD923
                                                                                                                                                                                                                                • Part of subcall function 61CDD890: strcmp.MSVCRT ref: 61CDD942
                                                                                                                                                                                                                                • Part of subcall function 61CDD890: strcmp.MSVCRT ref: 61CDD95D
                                                                                                                                                                                                                                • Part of subcall function 61CDD890: strcmp.MSVCRT ref: 61CDD978
                                                                                                                                                                                                                                • Part of subcall function 61CDD890: strcmp.MSVCRT ref: 61CDD993
                                                                                                                                                                                                                                • Part of subcall function 61CDDB30: strcmp.MSVCRT ref: 61CDDB5B
                                                                                                                                                                                                                                • Part of subcall function 61CDDB30: strcmp.MSVCRT ref: 61CDDB7F
                                                                                                                                                                                                                                • Part of subcall function 61CDDB30: strcmp.MSVCRT ref: 61CDDB9B
                                                                                                                                                                                                                                • Part of subcall function 61CDDB30: strcmp.MSVCRT ref: 61CDDBBA
                                                                                                                                                                                                                                • Part of subcall function 61CDDB30: strcmp.MSVCRT ref: 61CDDBD9
                                                                                                                                                                                                                                • Part of subcall function 61CDDB30: strcmp.MSVCRT ref: 61CDDBF4
                                                                                                                                                                                                                                • Part of subcall function 61CDDB30: strcmp.MSVCRT ref: 61CDDC0F
                                                                                                                                                                                                                                • Part of subcall function 61CDDB30: strcmp.MSVCRT ref: 61CDDC2A
                                                                                                                                                                                                                                • Part of subcall function 61CDD9E0: strcmp.MSVCRT ref: 61CDDA0B
                                                                                                                                                                                                                                • Part of subcall function 61CDD9E0: strcmp.MSVCRT ref: 61CDDA35
                                                                                                                                                                                                                                • Part of subcall function 61CDD9E0: strcmp.MSVCRT ref: 61CDDA54
                                                                                                                                                                                                                                • Part of subcall function 61CDD9E0: strcmp.MSVCRT ref: 61CDDA73
                                                                                                                                                                                                                                • Part of subcall function 61CDD9E0: strcmp.MSVCRT ref: 61CDDA92
                                                                                                                                                                                                                                • Part of subcall function 61CDD9E0: strcmp.MSVCRT ref: 61CDDAAD
                                                                                                                                                                                                                                • Part of subcall function 61CDD9E0: strcmp.MSVCRT ref: 61CDDAC8
                                                                                                                                                                                                                                • Part of subcall function 61CDD9E0: strcmp.MSVCRT ref: 61CDDAE3
                                                                                                                                                                                                                              • PyBytes_AsStringAndSize.PYTHON310 ref: 61CC6EA8
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: strcmp$memcmp$Bytes_Stringmalloc$AddressLong_Method_ProcSizememcpy$DeallocErr_FormatFromItemLongModule_ObjectSys_Tuple_free$Create2NameVoid_time64srandstrncmpstrrchrstrstr
                                                                                                                                                                                                                              • String ID: %s (%d:%d)$,*$.pyarmor.ikey$000000$C_ASSERT_ARMORED_INDEX$C_ENTER_CO_OBJECT_INDEX$C_LEAVE_CO_OBJECT_INDEX$PyCell_Get$PyCell_New$PyCell_Set$aes$dllhandle$pyarmor_runtime_$sha256$sprng$version_info
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2093934825.00007FF8A8631000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A8630000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff8a8630000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: D_sizeO_memcmpR_flagsX_cipherX_md
                                                                                                                                                                                                                              • String ID: $..\s\ssl\record\ssl3_record.c$CONNE$GET $HEAD $POST $PUT

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2093934825.00007FF8A8631000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A8630000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff8a8630000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: R_put_error
                                                                                                                                                                                                                              • String ID: ..\s\ssl\ssl_lib.c$ALL:!COMPLEMENTOFDEFAULT:!eNULL$TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256$ssl3-md5$ssl3-sha1
                                                                                                                                                                                                                              • API String ID: 1767461275-1115027282
                                                                                                                                                                                                                              • Opcode ID: 64c1ed371fb724922acc68a584a4f72b312f0de4d445f977e19cc316ff135a2a
                                                                                                                                                                                                                              • Instruction ID: f6c8426ce48531cf7a41b2bf819e1a031d9ca5e918f793ae6d3f07c8b60cd5e7
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 64c1ed371fb724922acc68a584a4f72b312f0de4d445f977e19cc316ff135a2a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1EA14C71A0AB42A5FB949F24E4583B836A0FF44B88F442175DA4D4B3CAEF3CE554C728

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_Format$malloc
                                                                                                                                                                                                                              • String ID: %s (%d:%d)
                                                                                                                                                                                                                              • API String ID: 1817594650-1595188566
                                                                                                                                                                                                                              • Opcode ID: b33b37f8c80731f465efa34021d5711eb861afc8313d97311348655fbc83c4e6
                                                                                                                                                                                                                              • Instruction ID: 9c02d53f6421519eb35b140a5b1edd5b08b1bd9b6fab511941fff31210af28fd
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b33b37f8c80731f465efa34021d5711eb861afc8313d97311348655fbc83c4e6
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5B02ABB2706B44C1FF158B6AD5903AD3B62FB85F88F488416CE5D0B794EF29C861E342

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2093934825.00007FF8A8631000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A8630000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff8a8630000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: R_put_error
                                                                                                                                                                                                                              • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                              • API String ID: 1767461275-1080266419
                                                                                                                                                                                                                              • Opcode ID: 7b6a55bb11b7fe575e0ec2b4a4e773588f60d0a70433b007c9e18af06fed72e4
                                                                                                                                                                                                                              • Instruction ID: ac37b83402012836d7f2c7aaceb70de3598b1aebf85d01dc8381c6cb9d2644fe
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7b6a55bb11b7fe575e0ec2b4a4e773588f60d0a70433b007c9e18af06fed72e4
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4BE10B36606B8196EB88CF29E5843E973A4FB48B88F086136DF5C4B355DF38A161C724

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2093934825.00007FF8A8631000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A8630000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff8a8630000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: L_sk_new_nullL_sk_pop_freeX509X509_freed2i_
                                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\statem_clnt.c
                                                                                                                                                                                                                              • API String ID: 1068509327-1507966698
                                                                                                                                                                                                                              • Opcode ID: ffbb3dbb5cbfe55bb72e612411af48878a88a6c77842706b967c83123da13720
                                                                                                                                                                                                                              • Instruction ID: 403f4164c7d3f9f06180c3d383975f6ef4f58f11245ef111d7cb1b02578c5daf
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ffbb3dbb5cbfe55bb72e612411af48878a88a6c77842706b967c83123da13720
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F4E10172B0AA8192F760EB15E4487A97BA1EB84FC4F045134EA8C4BBD5CF3CD155CB68
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092586742.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff6dff70000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _initterm$_amsg_exit_cexitexit
                                                                                                                                                                                                                              • String ID: 0
                                                                                                                                                                                                                              • API String ID: 602970348-4108050209
                                                                                                                                                                                                                              • Opcode ID: 9905e89fe877ea847ce878e57ecea80b115fcac03c0dbd49d2c840cd9bbea999
                                                                                                                                                                                                                              • Instruction ID: 1096287b07b8139a3d7d187a53bc78fa1d6aa9ed2c783f792b60a51c742898dd
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9905e89fe877ea847ce878e57ecea80b115fcac03c0dbd49d2c840cd9bbea999
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3761B176E19B0699FB509FA6E88036C23A4BB48B84F404436DE6CD73A5DF7CE464C700
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2093934825.00007FF8A8631000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A8630000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff8a8630000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: D_run_once$R_put_error
                                                                                                                                                                                                                              • String ID: ..\s\ssl\ssl_init.c
                                                                                                                                                                                                                              • API String ID: 511881677-1166085723
                                                                                                                                                                                                                              • Opcode ID: fd329f3d3c4ac018813aac7fd218cde1706058dba49e64e5e4a2f582db8a53f4
                                                                                                                                                                                                                              • Instruction ID: 274b434ddddc202ccbb36b409dec1a51c9a6826e40ef198129d4915c7fd1b591
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: fd329f3d3c4ac018813aac7fd218cde1706058dba49e64e5e4a2f582db8a53f4
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7A214D61B0A603A6FA469B15EE082B53391EFA17C0F847034DA0D87195EF3CE5658628

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • PyEval_GetFrame.PYTHON310 ref: 61CC54E2
                                                                                                                                                                                                                              • PyUnicode_FromFormat.PYTHON310 ref: 61CC54FF
                                                                                                                                                                                                                              • Py_DecRef.PYTHON310 ref: 61CC5513
                                                                                                                                                                                                                              • PyUnicode_AsUTF8.PYTHON310 ref: 61CC5924
                                                                                                                                                                                                                              • PyImport_GetModuleDict.PYTHON310 ref: 61CC5958
                                                                                                                                                                                                                              • PyDict_GetItem.PYTHON310 ref: 61CC5966
                                                                                                                                                                                                                              • PyModule_GetDict.PYTHON310 ref: 61CC5977
                                                                                                                                                                                                                              • PyDict_GetItemString.PYTHON310 ref: 61CC598A
                                                                                                                                                                                                                              • PyImport_ExecCodeModuleObject.PYTHON310 ref: 61CC59AD
                                                                                                                                                                                                                              • PyErr_Occurred.PYTHON310 ref: 61CC59B6
                                                                                                                                                                                                                                • Part of subcall function 61CCFEF0: VirtualAlloc.KERNEL32 ref: 61CCFF49
                                                                                                                                                                                                                                • Part of subcall function 61CCFEF0: memcpy.MSVCRT ref: 61CCFF6C
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: DictDict_Import_ItemModuleUnicode_$AllocCodeErr_Eval_ExecFormatFrameFromModule_ObjectOccurredStringVirtualmemcpy
                                                                                                                                                                                                                              • String ID: $%s (%d:%d)$<frozen %U>$__main__$__mp_main__$__spec__
                                                                                                                                                                                                                              • API String ID: 3240200909-2782528897
                                                                                                                                                                                                                              • Opcode ID: 9f99c94b7b96d533b1f1e693010825b1f91511f5ee8f84518908bb79f4947a67
                                                                                                                                                                                                                              • Instruction ID: 9d5261043e6f7d5a03067e58142d9cd2251be7f76ad8d106654df8bd077a4fc9
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9f99c94b7b96d533b1f1e693010825b1f91511f5ee8f84518908bb79f4947a67
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 91D17932306A90C6EF05CFA6E9503AD7B61FB86F98F0C8525CA5E47764EF29C855C342

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092586742.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2092573171.00007FF6DFF70000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2092605870.00007FF6DFF8A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2092620515.00007FF6DFF8B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2092637221.00007FF6DFF95000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2092654562.00007FF6DFF97000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2092654562.00007FF6DFF99000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2092683720.00007FF6DFF9A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2092701130.00007FF6DFF9D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff6dff70000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: free
                                                                                                                                                                                                                              • String ID: %s%c%s.py$Absolute path to script exceeds PATH_MAX$Could not get __main__ module's dict.$Could not get __main__ module.$Failed to unmarshal code object for %s$Traceback is disabled via bootloader option.$\$__file__$__main__$_pyi_main_co$format_exception$pyi-disable-windowed-traceback$traceback
                                                                                                                                                                                                                              • API String ID: 1294909896-4198433784
                                                                                                                                                                                                                              • Opcode ID: 142cad25816035ac1b29b6c4e55a3deab6ebdbd29f4bea9490b2cb5a38c870e8
                                                                                                                                                                                                                              • Instruction ID: 40d83b3896e1af90d2fc4c4e46fdb7afbf0c56c54527407c37180c612f6db515
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 142cad25816035ac1b29b6c4e55a3deab6ebdbd29f4bea9490b2cb5a38c870e8
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A1B12866A09A4AA5EA00AF16E85417D63A0FF89FC4F544433DE2E837B1EF3CE465D300

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • PyUnicode_AsUTF8.PYTHON310 ref: 61CC5924
                                                                                                                                                                                                                              • PyImport_GetModuleDict.PYTHON310 ref: 61CC5958
                                                                                                                                                                                                                              • PyDict_GetItem.PYTHON310 ref: 61CC5966
                                                                                                                                                                                                                              • PyModule_GetDict.PYTHON310 ref: 61CC5977
                                                                                                                                                                                                                              • PyDict_GetItemString.PYTHON310 ref: 61CC598A
                                                                                                                                                                                                                              • PyImport_ExecCodeModuleObject.PYTHON310 ref: 61CC59AD
                                                                                                                                                                                                                              • PyErr_Occurred.PYTHON310 ref: 61CC59B6
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2090249567.0000000061CC0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2090321178.0000000061D42000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2090339482.0000000061D46000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2090355770.0000000061D47000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2090379600.0000000061D5F000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2090396791.0000000061D62000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2090413205.0000000061D64000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2090429418.0000000061D68000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: DictDict_Import_ItemModule$CodeErr_ExecModule_ObjectOccurredStringUnicode_
                                                                                                                                                                                                                              • String ID: $%s (%d:%d)$__main__$__mp_main__$__spec__
                                                                                                                                                                                                                              • API String ID: 4088344453-4025645406
                                                                                                                                                                                                                              • Opcode ID: a4cddb5d03bf338fd50233326f17270ead7959291250665b9a77482a27f73f7a
                                                                                                                                                                                                                              • Instruction ID: 8616776a3776f3ae34bb5c02e2edc679549f59525a613bde2febbfdd4a88b952
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a4cddb5d03bf338fd50233326f17270ead7959291250665b9a77482a27f73f7a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BA816732702A94C5FF19CBA6E5903AD7B61EB85F98F08C425CA6E47764EF29C845C342

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092586742.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2092573171.00007FF6DFF70000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2092605870.00007FF6DFF8A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2092620515.00007FF6DFF8B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2092637221.00007FF6DFF95000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2092654562.00007FF6DFF97000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2092654562.00007FF6DFF99000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2092683720.00007FF6DFF9A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2092701130.00007FF6DFF9D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff6dff70000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: wcstombs$setlocale$free$mbstowcsrealloc$_strdup
                                                                                                                                                                                                                              • String ID: _MEIPASS2
                                                                                                                                                                                                                              • API String ID: 918573998-3944641314
                                                                                                                                                                                                                              • Opcode ID: c5ee0499fa5628169db05d05735613bc8efeb40af6ea19e85eafb8c680fa8f82
                                                                                                                                                                                                                              • Instruction ID: b0bb3eca46c73ec4c6d61e9800e3e5428c6877fb6b3873fdff2a6a2fd9eaa479
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c5ee0499fa5628169db05d05735613bc8efeb40af6ea19e85eafb8c680fa8f82
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7DF13E66F04B5688EB508FAAC8412BD77B1FB48B98F804436DE5DA7798DF38D461C390

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092586742.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
• Associated: 00000002.00000002.2092573171.00007FF6DFF70000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2092605870.00007FF6DFF8A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2092620515.00007FF6DFF8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2092637221.00007FF6DFF95000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2092654562.00007FF6DFF97000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2092654562.00007FF6DFF99000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2092683720.00007FF6DFF9A000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2092701130.00007FF6DFF9D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff6dff70000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ferrorfreemalloc$freadfwrite
                                                                                                                                                                                                                              • String ID: 1.2.13$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                                                                                              • API String ID: 3559050057-1655038675
                                                                                                                                                                                                                              • Opcode ID: 62eed4cfbfaa732855b6b3e01fb02c6c80926af7a80d21806595b23648814707
                                                                                                                                                                                                                              • Instruction ID: c0a2989b2f348435a473791c0552fceb6c917691929fc3a3497eed9a5517a961
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 62eed4cfbfaa732855b6b3e01fb02c6c80926af7a80d21806595b23648814707
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D581A572E0C68291E7608B26E8403BEA3A0FB44BA8F544132DEAD877D5DF7CD559C740

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092586742.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
• Associated: 00000002.00000002.2092573171.00007FF6DFF70000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2092605870.00007FF6DFF8A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2092620515.00007FF6DFF8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2092637221.00007FF6DFF95000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2092654562.00007FF6DFF97000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2092654562.00007FF6DFF99000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2092683720.00007FF6DFF9A000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2092701130.00007FF6DFF9D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff6dff70000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: freadmalloc$_wfopenfclosefree
                                                                                                                                                                                                                              • String ID: Could not allocate buffer for TOC!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$fread$fseek$malloc
                                                                                                                                                                                                                              • API String ID: 2617120823-2084260460
                                                                                                                                                                                                                              • Opcode ID: 8c530e99f211ac12411ce80beb8c1e36b3f9bdd053f5727f3e698ff15fa3ad99
                                                                                                                                                                                                                              • Instruction ID: 043cdda40fdb1ef1b9a809d076d468cc2834f1fe66f82b4f194839115f8b96cc
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8c530e99f211ac12411ce80beb8c1e36b3f9bdd053f5727f3e698ff15fa3ad99
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0651ACA1F0964282EB148B25D4402BCA7A1EF88B98F648137DE2D877D9DF3CE525C744

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
• Associated: 00000002.00000002.2090249567.0000000061CC0000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 00000002.00000002.2090321178.0000000061D42000.00000008.00000001.01000000.0000000F.sdmp
• Associated: 00000002.00000002.2090339482.0000000061D46000.00000004.00000001.01000000.0000000F.sdmp
• Associated: 00000002.00000002.2090355770.0000000061D47000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 00000002.00000002.2090379600.0000000061D5F000.00000004.00000001.01000000.0000000F.sdmp
• Associated: 00000002.00000002.2090396791.0000000061D62000.00000004.00000001.01000000.0000000F.sdmp
• Associated: 00000002.00000002.2090413205.0000000061D64000.00000008.00000001.01000000.0000000F.sdmp
• Associated: 00000002.00000002.2090429418.0000000061D68000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: File_errno$CloseCreateErrorHandleLastMappingView
                                                                                                                                                                                                                              • String ID: $@$@
                                                                                                                                                                                                                              • API String ID: 896588047-3743272326
                                                                                                                                                                                                                              • Opcode ID: b473d53525f37515d8b2ce07c67a023395be36e63a601f2f4f506b98d8fad01c
                                                                                                                                                                                                                              • Instruction ID: c75ee2ef624de56ef5ac33b9622be236562742b65e8a87ec4ed1251c85724638
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b473d53525f37515d8b2ce07c67a023395be36e63a601f2f4f506b98d8fad01c
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 854102B3A1566886F7158B96AC0078A6511B78FBF5F4D8322DE79473E0EB3CC841C342

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092586742.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
• Associated: 00000002.00000002.2092573171.00007FF6DFF70000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2092605870.00007FF6DFF8A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2092620515.00007FF6DFF8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2092637221.00007FF6DFF95000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2092654562.00007FF6DFF97000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2092654562.00007FF6DFF99000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2092683720.00007FF6DFF9A000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2092701130.00007FF6DFF9D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff6dff70000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _wfopenfclosefreadfreemalloc
                                                                                                                                                                                                                              • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$_MEIPASS2$fread$fseek$malloc
                                                                                                                                                                                                                              • API String ID: 3354994319-975985129
                                                                                                                                                                                                                              • Opcode ID: b75b8568c4b256912a9e1c68b85e95a78c6b4c27be2cad1b3528ec8dd99e5e38
                                                                                                                                                                                                                              • Instruction ID: b53e8c7804d4d6c24d3277b7c5c428d67e8ed54d4f7925f615f43ad1af85cf2b
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b75b8568c4b256912a9e1c68b85e95a78c6b4c27be2cad1b3528ec8dd99e5e38
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C031E191F09557A0FE149B169814BFE9750AF00BD8F946033DD2D8B7A6FE2CE42AC380

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092586742.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
• Associated: 00000002.00000002.2092573171.00007FF6DFF70000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2092605870.00007FF6DFF8A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2092620515.00007FF6DFF8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2092637221.00007FF6DFF95000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2092654562.00007FF6DFF97000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2092654562.00007FF6DFF99000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2092683720.00007FF6DFF9A000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2092701130.00007FF6DFF9D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff6dff70000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: callocfflush$strcmpstrncmp
                                                                                                                                                                                                                              • String ID: Failed to allocate PyConfig structure! Unsupported python version?$Failed to parse run-time options!$Failed to pre-C7Dlwp4k embedded python interpreter!$Failed to set module search paths!$Failed to set program name!$Failed to set python home path!$Failed to set run-time options!$Failed to set sys.argv!$Failed to start embedded python interpreter!
                                                                                                                                                                                                                              • API String ID: 2710203250-2440087815
                                                                                                                                                                                                                              • Opcode ID: 4f236a89a7cd51b2b3fca8f5acd636a7ada8452e1d5d72af4d0157a058538f47
                                                                                                                                                                                                                              • Instruction ID: 4a18029d0a3b4edc6e080692d3548aa969e7a30d8f3fd75af06c40f0977b054f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4f236a89a7cd51b2b3fca8f5acd636a7ada8452e1d5d72af4d0157a058538f47
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 64512B11E0C65391FA15AB2AA8511BDD364AF80BD4F440033EE7EC77E2EE2DE5268750

                                                                                                                                                                                                                              Control-flow Graph

APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2092586742.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
• Associated: 00000002.00000002.2092573171.00007FF6DFF70000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2092605870.00007FF6DFF8A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2092620515.00007FF6DFF8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2092637221.00007FF6DFF95000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2092654562.00007FF6DFF97000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2092654562.00007FF6DFF99000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2092683720.00007FF6DFF9A000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2092701130.00007FF6DFF9D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff6dff70000_zapret.jbxd
Similarity
• API ID: free$EnvironmentVariablestrcpy$DirectoryFileModuleNamecallocstrcmp
• String ID: Cannot side-load external archive %s (code %d)!$Error opening archive IrNk6XIbAZ from executable (%s) or external archive (%s)$Failed to convert DLL search path!$_MEIPASS2$_PYI_ONEDIR_MODE
• API String ID: 2787634916-3664968274
• Opcode ID: 8ab4ae117decd85d3be84a159dd5d500e8c4ae14a293ed636c4e2ffd3fd6aa2a
• Instruction ID: 83aba9533eaca010ce55228cc880f2d050f975e536582eeb88061daeff42b67a
• Opcode Fuzzy Hash: 8ab4ae117decd85d3be84a159dd5d500e8c4ae14a293ed636c4e2ffd3fd6aa2a
• Instruction Fuzzy Hash: F6C19D21E1C64390FA54AF22A8112BED790AF44BC0F544533EE6EC77E6EE3CF5658641

Control-flow Graph

APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2093934825.00007FF8A8631000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A8630000, based on PE: true
• Associated: 00000002.00000002.2093918703.00007FF8A8630000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.2093934825.00007FF8A86A3000.00000020.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.2094154948.00007FF8A86A5000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.2094242021.00007FF8A86C8000.00000004.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.2094274298.00007FF8A86CD000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.2094274298.00007FF8A86D3000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.2094274298.00007FF8A86DA000.00000002.00000001.01000000.00000014.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff8a8630000_zapret.jbxd
Similarity
• API ID: R_put_error$ErrorLastM_freeM_growR_clear_error
• String ID: ..\s\ssl\statem\statem.c
• API String ID: 2562538362-2512360314
• Opcode ID: 5a18f19eade6bbdf1c3fd5c0022a7e5d24853fc1c8443fcb9dd35289795e6565
• Instruction ID: fceff6042176d1664acf0b111c8f85ad4faed97217ac9273ebe697cc24a611b4
• Opcode Fuzzy Hash: 5a18f19eade6bbdf1c3fd5c0022a7e5d24853fc1c8443fcb9dd35289795e6565
• Instruction Fuzzy Hash: 1DB1A2B2E0A242A6F7A49F25C44837937E1EB40BC8F146035DA4C47795DF3DE885CBA9
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
• Associated: 00000002.00000002.2090249567.0000000061CC0000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 00000002.00000002.2090321178.0000000061D42000.00000008.00000001.01000000.0000000F.sdmp
• Associated: 00000002.00000002.2090339482.0000000061D46000.00000004.00000001.01000000.0000000F.sdmp
• Associated: 00000002.00000002.2090355770.0000000061D47000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 00000002.00000002.2090379600.0000000061D5F000.00000004.00000001.01000000.0000000F.sdmp
• Associated: 00000002.00000002.2090396791.0000000061D62000.00000004.00000001.01000000.0000000F.sdmp
• Associated: 00000002.00000002.2090413205.0000000061D64000.00000008.00000001.01000000.0000000F.sdmp
• Associated: 00000002.00000002.2090429418.0000000061D68000.00000002.00000001.01000000.0000000F.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
Similarity
• API ID: callocfree
• String ID: in != NULL$key != NULL$key != NULL$ltc_mp.name != NULL$ltc_mp.name != NULL$size > 0$src/pk/rsa/rsa_import.c$src/pk/rsa/rsa_make_key.c
• API String ID: 306872129-2031961738
• Opcode ID: 9aac367d4d9d0c17e2a34d24c83e6ff2f9d842589f5c903137b548d993848e72
• Instruction ID: 609de8d0fdfe09d474ac4165902bd0003608ba447b1a147e163e670c47316bd2
• Opcode Fuzzy Hash: 9aac367d4d9d0c17e2a34d24c83e6ff2f9d842589f5c903137b548d993848e72
• Instruction Fuzzy Hash: C8122976608B81C6E760CF66E45478EBBA4F784BC8F048116EF8987B58EF79C495CB40
Strings
Memory Dump Source
• Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: a != NULL$b != NULL$c != NULL$d != NULL$src/math/tfm_desc.c
                                                                                                                                                                                                                              • API String ID: 0-1480740242
                                                                                                                                                                                                                              • Opcode ID: 43a186c766ca1d2dbcd47a0f16d9229582f8bd80e7719955eb51f550f4e35b66
                                                                                                                                                                                                                              • Instruction ID: 899ec6a48472be91919d6f2b3995c223f97fd7625b0174158b3a8ed20f2355d7
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 43a186c766ca1d2dbcd47a0f16d9229582f8bd80e7719955eb51f550f4e35b66
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1692D574F12986C1FF05DBA5D8813FC6AA2EBA5784F84D519CA0E43690FB3EC256CB50
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2093934825.00007FF8A8631000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A8630000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff8a8630000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: memcpy$O_clear_flagsO_set_flags
                                                                                                                                                                                                                              • String ID: ..\s\ssl\record\rec_layer_s3.c$SSL alert number
                                                                                                                                                                                                                              • API String ID: 1692547093-34800109
                                                                                                                                                                                                                              • Opcode ID: 3f7b08efb40acede6e7db4cb099754d1f20ad0c872ddb133913668b6976d7c20
                                                                                                                                                                                                                              • Instruction ID: c18dde37f0cddeac1399a3514eec88209743532e30a1dcc91d3195569e0d7ead
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3f7b08efb40acede6e7db4cb099754d1f20ad0c872ddb133913668b6976d7c20
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FD42DF32A0A782A6FA748F15D54837E76A0FB417D4F146135EB8E07B91CF3DE460A728
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092586742.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff6dff70000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: freestrlen
                                                                                                                                                                                                                              • String ID: Failed to get _MEIPASS as PyObject.$Module object for %s is NULL!$_MEIPASS$_MEIPASS2$strict$utf-8
                                                                                                                                                                                                                              • API String ID: 322734593-568040347
                                                                                                                                                                                                                              • Opcode ID: e2ab7b0680e4429b5e230e4caf005a74eeca196501d88c7380114935420e399f
                                                                                                                                                                                                                              • Instruction ID: e8518395bc81662b837a93de50228821deddaa71410712a11e3d66e3c590b473
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e2ab7b0680e4429b5e230e4caf005a74eeca196501d88c7380114935420e399f
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 13417C62F09A46A1EE159F26E84447D6360BF49FD4B884177EE2E873A4DE3CE465D300
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: File_errno$CloseCreateErrorHandleLastMappingView
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 896588047-3916222277
                                                                                                                                                                                                                              • Opcode ID: 34f910369a867b5564e74c5bc8bc86b68905e5fdacad7ef74a30051b781ed1dd
                                                                                                                                                                                                                              • Instruction ID: bd968f805c8a8168607a62bb61df2966df0892bc66a5b11bb4c51e1a41d9b54d
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 34f910369a867b5564e74c5bc8bc86b68905e5fdacad7ef74a30051b781ed1dd
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B941CEBB20D6D09ED312CB649CA174D3FA4BB8AB54F09C346DFA483391D72CA4A5D302
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2093934825.00007FF8A8631000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A8630000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff8a8630000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: memcpy$ErrorLastO_read
                                                                                                                                                                                                                              • String ID: ..\s\ssl\record\rec_layer_s3.c
                                                                                                                                                                                                                              • API String ID: 1958097105-2209325370
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • BUF_MEM_grow_clean.LIBCRYPTO-1_1(?,?,?,00000000,?,-00000031,00007FF8A8676A4D), ref: 00007FF8A8676431
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2093934825.00007FF8A8631000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A8630000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff8a8630000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: M_grow_clean
                                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\statem.c
                                                                                                                                                                                                                              • API String ID: 964628749-2512360314
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2093934825.00007FF8A8631000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A8630000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff8a8630000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: C_get_current_jobR_put_error
                                                                                                                                                                                                                              • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                              • API String ID: 4281227279-1080266419
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092586742.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff6dff70000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: freemalloc
                                                                                                                                                                                                                              • String ID: _MEIPASS2
                                                                                                                                                                                                                              • API String ID: 3061335427-3944641314
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092586742.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff6dff70000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: strcpy
                                                                                                                                                                                                                              • String ID: pyi-contents-directory$pyi-contents-directory option not found in onedir bundle archive!
                                                                                                                                                                                                                              • API String ID: 3177657795-1958350669
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092586742.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff6dff70000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: calloc
                                                                                                                                                                                                                              • String ID: Cannot allocate memory for SPLASH_STATUS.$calloc
                                                                                                                                                                                                                              • API String ID: 2635317215-799113134
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • ERR_put_error.LIBCRYPTO-1_1(?,?,00000000,?,00007FF8A8676A65), ref: 00007FF8A86770C8
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2093934825.00007FF8A8631000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A8630000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff8a8630000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: R_put_error
                                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\statem.c
                                                                                                                                                                                                                              • API String ID: 1767461275-2512360314
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2093934825.00007FF8A8631000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A8630000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff8a8630000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ErrorLastM_freeR_clear_error
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1231514297-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2093934825.00007FF8A8631000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A8630000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff8a8630000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ErrorLastM_freeR_clear_error
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1231514297-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092586742.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff6dff70000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: fsetpos
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 850078086-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                • Part of subcall function 00007FF6DFF78EF0: MultiByteToWideChar.KERNEL32(?,?,WideCharToMultiByte,?,Failed to get UTF-8 buffer size.,?,00007FF6DFF72F00), ref: 00007FF6DFF78F26
                                                                                                                                                                                                                              • LoadLibraryExW.KERNEL32 ref: 00007FF6DFF78631
                                                                                                                                                                                                                              • free.MSVCRT ref: 00007FF6DFF7863D
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092586742.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff6dff70000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ByteCharLibraryLoadMultiWidefree
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3231889924-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092586742.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff6dff70000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: freememsetwcslen
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2332356550-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2093934825.00007FF8A8631000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A8630000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff8a8630000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: O_ctrl
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3605655398-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 544645111-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2093934825.00007FF8A8631000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A8630000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff8a8630000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: R_put_error
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1767461275-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                • Part of subcall function 00007FF6DFF78EF0: MultiByteToWideChar.KERNEL32(?,?,WideCharToMultiByte,?,Failed to get UTF-8 buffer size.,?,00007FF6DFF72F00), ref: 00007FF6DFF78F26
                                                                                                                                                                                                                              • _wfopen.MSVCRT ref: 00007FF6DFF74515
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092586742.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff6dff70000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ByteCharMultiWide_wfopen
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 372205238-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2093934825.00007FF8A8631000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A8630000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff8a8630000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: O_ctrl
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3605655398-0
                                                                                                                                                                                                                              • Opcode ID: 1c3f39584990be4e739d6b1426a93424ac52aed5e56eaee72e8e1012d233033e
                                                                                                                                                                                                                              • Instruction ID: d0d3ecb254281e3771ee16957239cc04bdae72e32e2bb7c8defc9b23918dfc12
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1c3f39584990be4e739d6b1426a93424ac52aed5e56eaee72e8e1012d233033e
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 24E041F2F1550256F7505775944B7642650DB48754F642030DE0CC6682E75DD9D34658
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2095810127.00007FF8A86E1000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FF8A86E0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff8a86e0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Free
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3978063606-0
                                                                                                                                                                                                                              • Opcode ID: 0f56840c3668eef90e64ac72c1166a1ce6f4bd6752172c29d911233d513c3bc9
                                                                                                                                                                                                                              • Instruction ID: dc7ab491fd5a805add40d87b39446a2e945bb5cbee881f4bd4425d70391c793c
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0f56840c3668eef90e64ac72c1166a1ce6f4bd6752172c29d911233d513c3bc9
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3EC01225F0700257F7482338A85616D11509F48350FD04034F00EC2AA0FE0CA8599B19
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: memset
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2221118986-0
                                                                                                                                                                                                                              • Opcode ID: e171eb12b2caf9bff91b63673bff23f6913cf624baee4941fd5105bb93664278
                                                                                                                                                                                                                              • Instruction ID: f784ed66063ed990e3e2136b6c142df3ed9a6f4840c3b9a9751c8a3f0f056d61
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e171eb12b2caf9bff91b63673bff23f6913cf624baee4941fd5105bb93664278
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D4918BB2605BA4C5EB558F66D05035D3BA0E78AFDCF18821ACE99173E8DB38C895C390
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092586742.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff6dff70000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: memset
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2221118986-0
                                                                                                                                                                                                                              • Opcode ID: 4a3cd53f5ab6c9f56d3a5cf8db0897558940d4d2ad38b878033855946d3f594a
                                                                                                                                                                                                                              • Instruction ID: 56a6df174f2534fca10e9255a24ee1bc4e19a63f972ccb56a52b0519f40624f3
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4a3cd53f5ab6c9f56d3a5cf8db0897558940d4d2ad38b878033855946d3f594a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 65311726F0471599FB108BA6D4403BC77B0A704B88F94407ADEAC97B98DF3CD6A9C714
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • malloc.MSVCRT(?,?,00000000,?,61D21420,00000000,?,?,61CD4366,?,?,?,?,?,?), ref: 61D3E5BF
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: malloc
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: free
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Heap$Process$AdaptersAddressesAllocComputerFreeNamemallocstrlen
                                                                                                                                                                                                                              • String ID: 01234567$89abcdef$:[sc$Characteristics$NetCfgInstanceId$SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • EOF read where object expected, xrefs: 61CCB4FD
                                                                                                                                                                                                                              • bad marshal data (index list too large), xrefs: 61CCAF99
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_$AppendList_OccurredString
                                                                                                                                                                                                                              • String ID: EOF read where object expected$bad marshal data (index list too large)
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092586742.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff6dff70000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: free$CreateDirectoryEnvironment$ByteCharExpandMultiPathStringsTempVariableWide_getpid_wcsdup_wfullpath_wputenv_s_wtempnamwcschrwcslen
                                                                                                                                                                                                                              • String ID: LOADER: Failed to convert runtime-tmpdir to a wide string.$LOADER: Failed to expand environment variables in the runtime-tmpdir.$LOADER: Failed to obtain the absolute path of the runtime-tmpdir.$LOADER: Failed to set the TMP environment variable.$TMP$TMP$_MEI%d$_MEIPASS2
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092586742.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff6dff70000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: MessageSend$Create$Window$BaseClientDialogFontIconIndirectInfoLoadMetricParametersRectSystemUnits
                                                                                                                                                                                                                              • String ID: $BUTTON$Close$EDIT$Failed to gA7WkD6n script '%ls' due to unhandled exception: %ls$STATIC
                                                                                                                                                                                                                              • API String ID: 3223904152-4231048771
                                                                                                                                                                                                                              • Opcode ID: 9bcbd0ae487ad773c65203090edb47d8bd9997bfcb6fad77826f5d4dd51fc8b3
                                                                                                                                                                                                                              • Instruction ID: 8e7fd147aa934e340fdcd12f58400c19a9af17fdac0fa8d24d1412b84572e900
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9bcbd0ae487ad773c65203090edb47d8bd9997bfcb6fad77826f5d4dd51fc8b3
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2E91AB76218B9082E7608F61E45479E7760F788B98F24413AEE8C4BB99CF7EC085CB50
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2093934825.00007FF8A8631000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A8630000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff8a8630000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: X509_$R_put_error$L_sk_numX_free$D_run_onceL_sk_pop_freeL_sk_valueM_move_peernameM_set1X509_verify_certX_get0_chainX_get1_chainX_get_errorX_initX_newX_set0_daneX_set_defaultX_set_ex_dataX_set_flagsX_set_verify_cb
                                                                                                                                                                                                                              • String ID: ..\s\ssl\ssl_cert.c$ssl_client$ssl_server
                                                                                                                                                                                                                              • API String ID: 4052934069-2466788060
                                                                                                                                                                                                                              • Opcode ID: 559dd0a72a5e0bb964254e27a7f39a778eebb142006f13fbcb3aac166a5fa4f6
                                                                                                                                                                                                                              • Instruction ID: 8334f1086c6c44e61119d264708a6219fc73311aa9d3ea0425879ec39d636dee
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 559dd0a72a5e0bb964254e27a7f39a778eebb142006f13fbcb3aac166a5fa4f6
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A4618565B0AA42A1FA84EF2196483BD7B51EF85BC4F446035DE0D4B7D6EF3CE5018728
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Deallocfreemallocmemcpystrcmp
                                                                                                                                                                                                                              • String ID: %s (%d:%d)$N+
                                                                                                                                                                                                                              • API String ID: 2421945241-2748867177
                                                                                                                                                                                                                              • Opcode ID: 7d6618ac22768b21cf684f78b8b3511db59920d27abd0f05e378ec20e4bc5ec3
                                                                                                                                                                                                                              • Instruction ID: 5510d666008df7f4d7c7d1bb4af7b2f10f6af2a4a66d97486628d2a00c8bcdc3
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7d6618ac22768b21cf684f78b8b3511db59920d27abd0f05e378ec20e4bc5ec3
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7EF1BC72745680C6EB11CF6AE49039D3B71FB86F98F48C212DAA90B794EF39C951C712
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • PyEval_GetGlobals.PYTHON310 ref: 61CC2CE4
                                                                                                                                                                                                                              • PyFunction_NewWithQualName.PYTHON310 ref: 61CC2CF3
                                                                                                                                                                                                                              • _PyObject_CallFunction_SizeT.PYTHON310 ref: 61CC2D2F
                                                                                                                                                                                                                              • _Py_Dealloc.PYTHON310 ref: 61CC2D71
                                                                                                                                                                                                                              • PyErr_Format.PYTHON310 ref: 61CC2E4A
                                                                                                                                                                                                                              • GetProcAddress.KERNEL32 ref: 61CC2E6A
                                                                                                                                                                                                                              • strlen.MSVCRT ref: 61CC2E82
                                                                                                                                                                                                                              • PyErr_Format.PYTHON310 ref: 61CC3147
                                                                                                                                                                                                                                • Part of subcall function 61CCEFA0: PyList_New.PYTHON310 ref: 61CCEFDB
                                                                                                                                                                                                                                • Part of subcall function 61CCEFA0: PyErr_Occurred.PYTHON310 ref: 61CCEFFA
                                                                                                                                                                                                                                • Part of subcall function 61CCEFA0: PyMem_Free.PYTHON310 ref: 61CCF028
                                                                                                                                                                                                                              • _Py_Dealloc.PYTHON310 ref: 61CC2F99
                                                                                                                                                                                                                              • _Py_Dealloc.PYTHON310 ref: 61CC2FAD
                                                                                                                                                                                                                              • _Py_Dealloc.PYTHON310 ref: 61CC2FD9
                                                                                                                                                                                                                              • _Py_Dealloc.PYTHON310 ref: 61CC3003
                                                                                                                                                                                                                              • _Py_Dealloc.PYTHON310 ref: 61CC3013
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Dealloc$Err_$FormatFunction_$AddressCallEval_FreeGlobalsList_Mem_NameObject_OccurredProcQualSizeWithstrlen
                                                                                                                                                                                                                              • String ID: %s (%d:%d)$/proc/se$lf/exe$z(
                                                                                                                                                                                                                              • API String ID: 3243918594-3850701646
                                                                                                                                                                                                                              • Opcode ID: 7776b01a49bd029e22bb9d8f954f20ffe382dd5cac6ebb045be2ef1bcec11073
                                                                                                                                                                                                                              • Instruction ID: f0ad8feda5caa367e13daa0971a1e9a3d8c529ec0b4f756997c05da0c0ca0b73
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7776b01a49bd029e22bb9d8f954f20ffe382dd5cac6ebb045be2ef1bcec11073
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7BB1AB71341B84D5EA10CBAAE89439D3772F78AF85F489116CD5E0B7A4EF2EC912C742
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 61CD268C
                                                                                                                                                                                                                              • CreateFileA.KERNEL32 ref: 61CD26C0
                                                                                                                                                                                                                              • GlobalAlloc.KERNEL32 ref: 61CD26DA
                                                                                                                                                                                                                              • DeviceIoControl.KERNEL32 ref: 61CD2754
                                                                                                                                                                                                                              • GlobalFree.KERNEL32 ref: 61CD276A
                                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 61CD27A7
                                                                                                                                                                                                                              • CreateFileA.KERNEL32 ref: 61CD27D4
                                                                                                                                                                                                                              • GlobalAlloc.KERNEL32 ref: 61CD27F5
                                                                                                                                                                                                                              • GlobalAlloc.KERNEL32 ref: 61CD2804
                                                                                                                                                                                                                              • DeviceIoControl.KERNEL32 ref: 61CD284C
                                                                                                                                                                                                                              • GlobalFree.KERNEL32 ref: 61CD2865
                                                                                                                                                                                                                              • GlobalFree.KERNEL32 ref: 61CD286A
                                                                                                                                                                                                                              • CloseHandle.KERNEL32 ref: 61CD2874
                                                                                                                                                                                                                              • GlobalFree.KERNEL32 ref: 61CD2896
                                                                                                                                                                                                                                • Part of subcall function 61CD22F0: GetLastError.KERNEL32 ref: 61CD22F4
                                                                                                                                                                                                                                • Part of subcall function 61CD22F0: FormatMessageA.KERNEL32 ref: 61CD2325
                                                                                                                                                                                                                                • Part of subcall function 61CD22F0: LocalFree.KERNEL32 ref: 61CD2346
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                               • Associated: 00000002.00000002.2090249567.0000000061CC0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                               • Associated: 00000002.00000002.2090321178.0000000061D42000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                               • Associated: 00000002.00000002.2090339482.0000000061D46000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                               • Associated: 00000002.00000002.2090355770.0000000061D47000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                               • Associated: 00000002.00000002.2090379600.0000000061D5F000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                               • Associated: 00000002.00000002.2090396791.0000000061D62000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                               • Associated: 00000002.00000002.2090413205.0000000061D64000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                               • Associated: 00000002.00000002.2090429418.0000000061D68000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Global$Free$Alloc$ControlCreateDeviceFile_snprintf$CloseErrorFormatHandleLastLocalMessage
                                                                                                                                                                                                                              • String ID: ../src/platforms/windows/hdinfo.c$/%d:$Empty serial number$SCSIDISK$\\.\PhysicalDrive%d$\\.\Scsi%d
                                                                                                                                                                                                                              • API String ID: 1119308327-3953537554
                                                                                                                                                                                                                              • Opcode ID: 70db97bde88c69948421bc1cd1e860fd79147349a12ec31b0888bd7bc928a58f
                                                                                                                                                                                                                              • Instruction ID: 21e4970575025d9aa39d98909109ebc45a695a6b72518b8b41b452e2cab31fbe
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 70db97bde88c69948421bc1cd1e860fd79147349a12ec31b0888bd7bc928a58f
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1351D33130068596E720DB62FC6478A7B91F788BE8F488225AE5E07BD4DF3DC506C784
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ErrorLast$Cleanup$closesocketntohlsetsockopt$Startupgethostbynamehtonsrecvfromsendtosocket
                                                                                                                                                                                                                              • String ID: and,$http://$or,
                                                                                                                                                                                                                              • API String ID: 1750001962-2642771825
                                                                                                                                                                                                                              • Opcode ID: c8e321f5ef4eb657ba943f47a9e848e34e07c68d11a51ef849309d8966b1429c
                                                                                                                                                                                                                              • Instruction ID: 004422543741b98f5e731b6c41bdd79f6004794685c4370b8ba3d20e1a4d16f3
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c8e321f5ef4eb657ba943f47a9e848e34e07c68d11a51ef849309d8966b1429c
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 37516A32B05B8096E710CB65F81435AB7A1F789BB4F184329EAAD47BE4EB7DC445CB40
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • bad marshal data (long size out of range), xrefs: 61CCAEB3
                                                                                                                                                                                                                              • bad marshal data (digit out of range in long), xrefs: 61CCADB3
                                                                                                                                                                                                                              • bad marshal data (unnormalized long data), xrefs: 61CCAF78
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_$Occurred$Long_String$Dealloc
                                                                                                                                                                                                                              • String ID: bad marshal data (digit out of range in long)$bad marshal data (long size out of range)$bad marshal data (unnormalized long data)
                                                                                                                                                                                                                              • API String ID: 3848820501-2912230410
                                                                                                                                                                                                                              • Opcode ID: 6d20ad8110112b538d0e355b395b7314ade5b59fd9d8ad14f655acca4bf87ef2
                                                                                                                                                                                                                              • Instruction ID: be011a40f78d45a7ba3dc285d12210f0c40ef1a4fe043d249f9a01541dbd1977
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6d20ad8110112b538d0e355b395b7314ade5b59fd9d8ad14f655acca4bf87ef2
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B1614A31645651C6EA05CFA6C45CB6F3BA2FB86F88F0AD510C90A07724FF39D84AC386
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • exception causes must derive from BaseException, xrefs: 61CD105A
                                                                                                                                                                                                                              • exceptions must derive from BaseException, xrefs: 61CD0FF1
                                                                                                                                                                                                                              • calling %R should have returned an instance of BaseException, not %R, xrefs: 61CD127A
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_String
                                                                                                                                                                                                                              • String ID: calling %R should have returned an instance of BaseException, not %R$exception causes must derive from BaseException$exceptions must derive from BaseException
                                                                                                                                                                                                                              • API String ID: 1450464846-2865718950
                                                                                                                                                                                                                              • Opcode ID: 1ad5de58b9e0abd037f4507d06af2914c7edbde7597750aca410e29d04165ed7
                                                                                                                                                                                                                              • Instruction ID: 6a5eb37c363b1f478ab9af322c4dea44f4ccb9495f4aef2088e181f758bd7ec1
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1ad5de58b9e0abd037f4507d06af2914c7edbde7597750aca410e29d04165ed7
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7F614C72B45A84D6EB459FAAA95479E37B1A786FD4F0C8021CF4947B24EF3AC064C340
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CloseHandleisxdigitmemset$ControlCreateDeviceFileisprintmemcpywsprintf
                                                                                                                                                                                                                              • String ID: /%d:$\\.\PhysicalDrive%d
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2093934825.00007FF8A8631000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A8630000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff8a8630000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: N_copyN_free$N_dup$O_freeO_strdup
                                                                                                                                                                                                                              • String ID: ..\s\ssl\tls_srp.c
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Cryptclock$Context$Acquire$RandomRelease
                                                                                                                                                                                                                              • String ID: ($Microsoft Base Cryptographic Provider v1.0$out != NULL$src/prngs/rng_get_bytes.c
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2093934825.00007FF8A8631000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A8630000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff8a8630000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: O_free$memcpy$N1_item_free$O_strndupR_put_errorX509_free_time64
                                                                                                                                                                                                                              • String ID: ..\s\ssl\ssl_asn1.c
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2095810127.00007FF8A86E1000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FF8A86E0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff8a86e0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: EnvironmentVariable$ByteCharMultiWide
                                                                                                                                                                                                                              • String ID: .rnd$HOME$RANDFILE$SYSTEMROOT$USERPROFILE
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Heap$Process$Free$Alloc$AdaptersAddressesmemcpy
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1739390247-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092803364.00007FF8A8511000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8A8510000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff8a8510000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Mem_$MallocSubtypeType_$DeallocErr_FreeMemory
                                                                                                                                                                                                                              • String ID: 0
                                                                                                                                                                                                                              • API String ID: 4139299733-4108050209
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2093934825.00007FF8A8631000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A8630000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff8a8630000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: O_free$O_memdup
                                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\statem_clnt.c$D:\_w\1\s\ssl\packet_local.h
                                                                                                                                                                                                                              • API String ID: 3545228654-3043411186
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2093934825.00007FF8A8631000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A8630000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff8a8630000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: O_free
                                                                                                                                                                                                                              • String ID: ..\s\ssl\record\rec_layer_d1.c
                                                                                                                                                                                                                              • API String ID: 2581946324-1306860146
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2093934825.00007FF8A8631000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A8630000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff8a8630000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: O_zalloc$J_nid2snP_get_digestbyname
                                                                                                                                                                                                                              • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                              • API String ID: 4284552970-1080266419
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092803364.00007FF8A8511000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8A8510000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff8a8510000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Mem_$FreeSubtypeType_$DataErr_FromKindMallocMemoryReallocUnicode_
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3719493655-0
                                                                                                                                                                                                                              • Opcode ID: a6f8d227c04c96ee92d3327cf4cee3c09afe3ee40d30a4d34132af5cf80b64b2
                                                                                                                                                                                                                              • Instruction ID: 0da5d55c02ae3cff71cf0cd65859081880560bd1475d48f68bee126ef98afbae
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a6f8d227c04c96ee92d3327cf4cee3c09afe3ee40d30a4d34132af5cf80b64b2
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9B023472F4E652A2EB24AB15DC546B97BA5EB847C0F445231DE8E467C4EF3CE844C328
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092803364.00007FF8A8511000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8A8510000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff8a8510000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 313767242-0
                                                                                                                                                                                                                              • Opcode ID: 00f1522312bfcd982374d2b7872c5ef4cc0ec29a30735505d4bf24cc2f66f2d8
                                                                                                                                                                                                                              • Instruction ID: a33b9f4f812802308cf70497a4eb71721057c7500f2b03a263395eba8783838f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 00f1522312bfcd982374d2b7872c5ef4cc0ec29a30735505d4bf24cc2f66f2d8
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B0314D7260AB8195EB60AF61E8503ED73A4FB84784F44443ADB4E47A98DF3CD648C724
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • RtlCaptureContext.KERNEL32 ref: 61D3FF34
                                                                                                                                                                                                                              • RtlLookupFunctionEntry.KERNEL32 ref: 61D3FF4B
                                                                                                                                                                                                                              • RtlVirtualUnwind.KERNEL32 ref: 61D3FF8D
                                                                                                                                                                                                                              • SetUnhandledExceptionFilter.KERNEL32 ref: 61D3FFD1
                                                                                                                                                                                                                              • UnhandledExceptionFilter.KERNEL32 ref: 61D3FFDE
                                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32 ref: 61D3FFE4
                                                                                                                                                                                                                              • TerminateProcess.KERNEL32 ref: 61D3FFF2
                                                                                                                                                                                                                              • abort.MSVCRT ref: 61D3FFF8
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ExceptionFilterProcessUnhandled$CaptureContextCurrentEntryFunctionLookupTerminateUnwindVirtualabort
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 4278921479-0
                                                                                                                                                                                                                              • Opcode ID: 34e47eac2d239704eba39ba913f863e637461c29c0bdffefba06e04daf3a5a4f
                                                                                                                                                                                                                              • Instruction ID: 218b7e20b59df865aece717c3ce152185d8bf3536e35a5d2637b8bed06f6e0a3
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 34e47eac2d239704eba39ba913f863e637461c29c0bdffefba06e04daf3a5a4f
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5621D072211B04A5EB00CF65F8843DA37B6BB4DB94F484526EA5E5B724EF3AC165C780
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: 9a696cac2692144fd41d63314c9d240007b05f43e07727a89cadcc8317ebeafb
                                                                                                                                                                                                                              • Instruction ID: feec73b75fd21b1a3c10566d494c28a3adb4dd63f9378a8a5cc770b2f2c7e397
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9a696cac2692144fd41d63314c9d240007b05f43e07727a89cadcc8317ebeafb
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A4A1E3B3204ADAA7C702CF6AE0001DFBF70F706B0DB99C145EB5A4A112E736D95AC752
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • GetSystemTimeAsFileTime.KERNEL32 ref: 61D3FE85
                                                                                                                                                                                                                              • GetCurrentProcessId.KERNEL32 ref: 61D3FE90
                                                                                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 61D3FE99
                                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 61D3FEA1
                                                                                                                                                                                                                              • QueryPerformanceCounter.KERNEL32 ref: 61D3FEAE
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2093934825.00007FF8A8631000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A8630000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: O_freeO_memdup
                                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\extensions_clnt.c$D:\_w\1\s\ssl\packet_local.h
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2095810127.00007FF8A86E1000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FF8A86E0000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ErrorLastbind
                                                                                                                                                                                                                              • String ID: ..\s\crypto\bio\b_sock2.c
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2093934825.00007FF8A8631000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A8630000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: O_free
                                                                                                                                                                                                                              • String ID: ..\s\ssl\packet.c
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092586742.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: AddressProc
                                                                                                                                                                                                                              • String ID: Failed to get address for PyConfig_Clear$Failed to get address for PyConfig_InitIsolatedConfig$Failed to get address for PyConfig_Read$Failed to get address for PyConfig_SetBytesString$Failed to get address for PyConfig_SetString$Failed to get address for PyConfig_SetWideStringList$Failed to get address for PyErr_Clear$Failed to get address for PyErr_Fetch$Failed to get address for PyErr_NormalizeException$Failed to get address for PyErr_Occurred$Failed to get address for PyErr_Print$Failed to get address for PyErr_Restore$Failed to get address for PyEval_EvalCode$Failed to get address for PyImport_AddModule$Failed to get address for PyImport_ExecCodeModule$Failed to get address for PyImport_ImportModule$Failed to get address for PyList_Append$Failed to get address for PyMarshal_ReadObjectFromString$Failed to get address for PyMem_RawFree$Failed to get address for PyModule_GetDict$Failed to get address for PyObject_CallFunction$Failed to get address for PyObject_CallFunctionObjArgs$Failed to get address for PyObject_GetAttrString$Failed to get address for PyObject_SetAttrString$Failed to get address for PyObject_Str$Failed to get address for PyPreConfig_InitIsolatedConfig$Failed to get address for PyRun_SimpleStringFlags$Failed to get address for PyStatus_Exception$Failed to get address for PySys_GetObject$Failed to get address for PySys_SetObject$Failed to get address for PyUnicode_AsUTF8$Failed to get address for PyUnicode_Decode$Failed to get address for PyUnicode_DecodeFSDefault$Failed to get address for PyUnicode_FromFormat$Failed to get address for PyUnicode_FromString$Failed to get address for PyUnicode_Join$Failed to get address for PyUnicode_Replace$Failed to get address for Py_DecRef$Failed to get address for 
Py_DecodeLocale$Failed to get address for Py_ExitStatusException$Failed to get address for Py_Finalize$Failed to get address for Py_InitializeFromConfig$Failed to get address for Py_IsInitialized$Failed to get address for Py_PreInitialize$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyList_Append$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092586742.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2092573171.00007FF6DFF70000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2092605870.00007FF6DFF8A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2092620515.00007FF6DFF8B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2092637221.00007FF6DFF95000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2092654562.00007FF6DFF97000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2092654562.00007FF6DFF99000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2092683720.00007FF6DFF9A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2092701130.00007FF6DFF9D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff6dff70000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: AddressProc
                                                                                                                                                                                                                              • String ID: Failed to get address for Tcl_Alloc$Failed to get address for Tcl_ConditionFinalize$Failed to get address for Tcl_ConditionNotify$Failed to get address for Tcl_ConditionWait$Failed to get address for Tcl_CreateInterp$Failed to get address for Tcl_CreateObjCommand$Failed to get address for Tcl_CreateThread$Failed to get address for Tcl_DeleteInterp$Failed to get address for Tcl_DoOneEvent$Failed to get address for Tcl_EvalEx$Failed to get address for Tcl_EvalFile$Failed to get address for Tcl_EvalObjv$Failed to get address for Tcl_Finalize$Failed to get address for Tcl_FinalizeThread$Failed to get address for Tcl_FindExecutable$Failed to get address for Tcl_Free$Failed to get address for Tcl_GetCurrentThread$Failed to get address for Tcl_GetObjResult$Failed to get address for Tcl_GetString$Failed to get address for Tcl_GetVar2$Failed to get address for Tcl_Init$Failed to get address for Tcl_MutexLock$Failed to get address for Tcl_MutexUnlock$Failed to get address for Tcl_NewByteArrayObj$Failed to get address for Tcl_NewStringObj$Failed to get address for Tcl_SetVar2$Failed to get address for Tcl_SetVar2Ex$Failed to get address for Tcl_ThreadAlert$Failed to get address for Tcl_ThreadQueueEvent$Failed to get address for Tk_GetNumMainWindows$Failed to get address for Tk_Init$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                                                                                                                                                              • API String ID: 190572456-2208601799
                                                                                                                                                                                                                              • Opcode ID: 22024b249153ea0e59b866e83f9e6b0fc22e0894010a1230b992406c58f677af
                                                                                                                                                                                                                              • Instruction ID: 077a3da6979acb93ec69585ff6a48df23fec1cc4376ab0686d599a97df6fb925
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 22024b249153ea0e59b866e83f9e6b0fc22e0894010a1230b992406c58f677af
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 86F1B5A1E2DB0790FE15DB16FC510BCA7A6AF45380B945537D8ADC33A5EEACE129C304
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • fwrite.MSVCRT ref: 61CD30AE
                                                                                                                                                                                                                                • Part of subcall function 61CD2CC0: strlen.MSVCRT ref: 61CD2CE3
                                                                                                                                                                                                                              • fprintf.MSVCRT ref: 61CD30E7
                                                                                                                                                                                                                                • Part of subcall function 61CD2EE0: strlen.MSVCRT ref: 61CD2EFA
                                                                                                                                                                                                                              • fputc.MSVCRT ref: 61CD3119
                                                                                                                                                                                                                                • Part of subcall function 61CD2360: GetProcessHeap.KERNEL32 ref: 61CD2383
                                                                                                                                                                                                                                • Part of subcall function 61CD2360: HeapAlloc.KERNEL32 ref: 61CD2397
                                                                                                                                                                                                                                • Part of subcall function 61CD2360: GetAdaptersAddresses.IPHLPAPI ref: 61CD23BC
                                                                                                                                                                                                                                • Part of subcall function 61CD2360: GetProcessHeap.KERNEL32 ref: 61CD242F
                                                                                                                                                                                                                                • Part of subcall function 61CD2360: HeapFree.KERNEL32 ref: 61CD2439
                                                                                                                                                                                                                              • fprintf.MSVCRT ref: 61CD3148
                                                                                                                                                                                                                                • Part of subcall function 61CD2170: GetProcessHeap.KERNEL32 ref: 61CD2191
                                                                                                                                                                                                                                • Part of subcall function 61CD2170: HeapAlloc.KERNEL32 ref: 61CD21A6
                                                                                                                                                                                                                                • Part of subcall function 61CD2170: memcpy.MSVCRT ref: 61CD221C
                                                                                                                                                                                                                                • Part of subcall function 61CD2170: GetProcessHeap.KERNEL32 ref: 61CD223A
                                                                                                                                                                                                                                • Part of subcall function 61CD2170: HeapFree.KERNEL32 ref: 61CD2245
                                                                                                                                                                                                                              • fputc.MSVCRT ref: 61CD317B
                                                                                                                                                                                                                                • Part of subcall function 61CD24F0: GetProcessHeap.KERNEL32 ref: 61CD2513
                                                                                                                                                                                                                                • Part of subcall function 61CD24F0: HeapAlloc.KERNEL32 ref: 61CD2527
                                                                                                                                                                                                                                • Part of subcall function 61CD24F0: GetAdaptersAddresses.IPHLPAPI ref: 61CD254F
                                                                                                                                                                                                                                • Part of subcall function 61CD24F0: inet_ntoa.WS2_32 ref: 61CD2587
                                                                                                                                                                                                                                • Part of subcall function 61CD24F0: GetProcessHeap.KERNEL32 ref: 61CD25A2
                                                                                                                                                                                                                                • Part of subcall function 61CD24F0: HeapFree.KERNEL32 ref: 61CD25AC
                                                                                                                                                                                                                              • fprintf.MSVCRT ref: 61CD31AA
                                                                                                                                                                                                                              • fputc.MSVCRT ref: 61CD31BE
                                                                                                                                                                                                                                • Part of subcall function 61CD28F0: GetProcessHeap.KERNEL32 ref: 61CD290B
                                                                                                                                                                                                                                • Part of subcall function 61CD28F0: HeapAlloc.KERNEL32 ref: 61CD291F
                                                                                                                                                                                                                                • Part of subcall function 61CD28F0: GetNetworkParams.IPHLPAPI ref: 61CD2957
                                                                                                                                                                                                                                • Part of subcall function 61CD28F0: GetProcessHeap.KERNEL32 ref: 61CD2979
                                                                                                                                                                                                                                • Part of subcall function 61CD28F0: HeapFree.KERNEL32 ref: 61CD2983
                                                                                                                                                                                                                              • fprintf.MSVCRT ref: 61CD31ED
                                                                                                                                                                                                                              • fwrite.MSVCRT ref: 61CD320E
                                                                                                                                                                                                                              • strchr.MSVCRT ref: 61CD323B
                                                                                                                                                                                                                              • fwrite.MSVCRT ref: 61CD3273
                                                                                                                                                                                                                              • fprintf.MSVCRT ref: 61CD329B
                                                                                                                                                                                                                              • strchr.MSVCRT ref: 61CD32A8
                                                                                                                                                                                                                              • fprintf.MSVCRT ref: 61CD32C9
                                                                                                                                                                                                                              • fputc.MSVCRT ref: 61CD32E2
                                                                                                                                                                                                                              • fwrite.MSVCRT ref: 61CD3303
                                                                                                                                                                                                                              • malloc.MSVCRT ref: 61CD330D
                                                                                                                                                                                                                              • fwrite.MSVCRT ref: 61CD36A7
                                                                                                                                                                                                                              • fwrite.MSVCRT ref: 61CD36C8
                                                                                                                                                                                                                              • fwrite.MSVCRT ref: 61CD36E9
                                                                                                                                                                                                                              • fwrite.MSVCRT ref: 61CD370A
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • Default Mac address: "%s", xrefs: 61CD313B
                                                                                                                                                                                                                              • Failed to get harddisk information., xrefs: 61CD3692
                                                                                                                                                                                                                              • Failed to get mac address., xrefs: 61CD36B3
                                                                                                                                                                                                                              • "%s", xrefs: 61CD327D, 61CD32BC
                                                                                                                                                                                                                              • %02x:, xrefs: 61CD35BE
                                                                                                                                                                                                                              • Serial number with disk name: , xrefs: 61CD325E
                                                                                                                                                                                                                              • Failed to get domain name., xrefs: 61CD36F5
                                                                                                                                                                                                                              • Domain name: "%s", xrefs: 61CD31E0
                                                                                                                                                                                                                              • Failed to get ip address., xrefs: 61CD36D4
                                                                                                                                                                                                                              • Change logsv6.2.0(r21): Remove trailing dot from harddisk serial numberv6.4.2(r34): Support binding multiple mac addressesv6.5.3(r37): Support binding named harddiskv6.7.5(r45): Support mmc/sd card in Linux, xrefs: 61CD31F9
                                                                                                                                                                                                                              • >", xrefs: 61CD3667
                                                                                                                                                                                                                              • Hardware informations got by PyArmor:, xrefs: 61CD3096
                                                                                                                                                                                                                              • Multiple Mac addresses: "<, xrefs: 61CD32EE
                                                                                                                                                                                                                              • %02x, xrefs: 61CD361D
                                                                                                                                                                                                                              • Serial number of default harddisk: "%s", xrefs: 61CD30DA
                                                                                                                                                                                                                              • Ip address: "%s", xrefs: 61CD319D
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2090249567.0000000061CC0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2090321178.0000000061D42000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2090339482.0000000061D46000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2090355770.0000000061D47000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2090379600.0000000061D5F000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2090396791.0000000061D62000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2090413205.0000000061D64000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2090429418.0000000061D68000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Heap$Processfwrite$fprintf$AllocFreefputc$AdaptersAddressesstrchrstrlen$NetworkParamsinet_ntoamallocmemcpy
                                                                                                                                                                                                                              • String ID: "%s"$Change logsv6.2.0(r21): Remove trailing dot from harddisk serial numberv6.4.2(r34): Support binding multiple mac addressesv6.5.3(r37): Support binding named harddiskv6.7.5(r45): Support mmc/sd card in Linux$%02x$%02x:$>"$Default Mac address: "%s"$Domain name: "%s"$Failed to get domain name.$Failed to get harddisk information.$Failed to get ip address.$Failed to get mac address.$Hardware informations got by PyArmor:$Ip address: "%s"$Multiple Mac addresses: "<$Serial number of default harddisk: "%s"$Serial number with disk name:
                                                                                                                                                                                                                              • API String ID: 3427000353-3771683696
                                                                                                                                                                                                                              • Opcode ID: b783e3071cae2d82e5867a8721324a09ed24aac78513499f7840a47468256dd0
                                                                                                                                                                                                                              • Instruction ID: 92e2d17e8ae4c0f6397d3f9441ee972215c020172eae537d116b54a4bedd9b74
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b783e3071cae2d82e5867a8721324a09ed24aac78513499f7840a47468256dd0
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9902CAB2605B808AEB50CBA6E45439E77A2F789BD4F488229CF9E47794EF39D050C711
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ErrorLast$ioctlsockettoupper$Cleanupstrstr$closesocketgethostbynamememcmp$Startup_mktime64connecthtonsrecvselectsendsocketstrchr
                                                                                                                                                                                                                              • String ID: Dec$HEAD /%s HTTP/1.1Host: %sUser-Agent: PYARMOR.COREConnection: close$Nov$and,$http://$or,
                                                                                                                                                                                                                              • API String ID: 3493847099-1714119496
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • PyImport_GetModuleDict.PYTHON310 ref: 61CC33ED
                                                                                                                                                                                                                              • PyDict_GetItemString.PYTHON310 ref: 61CC3400
                                                                                                                                                                                                                              • PyModule_GetDict.PYTHON310 ref: 61CC340E
                                                                                                                                                                                                                              • PyDict_GetItemString.PYTHON310 ref: 61CC3427
                                                                                                                                                                                                                              • PyObject_GetAttrString.PYTHON310 ref: 61CC344D
                                                                                                                                                                                                                              • PyList_GetItem.PYTHON310 ref: 61CC3461
                                                                                                                                                                                                                              • _PyObject_CallFunction_SizeT.PYTHON310 ref: 61CC34A6
                                                                                                                                                                                                                              • _PyObject_CallMethod_SizeT.PYTHON310 ref: 61CC34D7
                                                                                                                                                                                                                              • _PyObject_CallMethod_SizeT.PYTHON310 ref: 61CC34E9
                                                                                                                                                                                                                              • _Py_Dealloc.PYTHON310 ref: 61CC34F5
                                                                                                                                                                                                                              • PyErr_Clear.PYTHON310 ref: 61CC3580
                                                                                                                                                                                                                              • getenv.MSVCRT ref: 61CC358D
                                                                                                                                                                                                                              • PyUnicode_FromFormat.PYTHON310(?,?,?,?,?,?), ref: 61CC35AA
                                                                                                                                                                                                                              • _PyObject_CallFunction_SizeT.PYTHON310(?,?,?,?,?,?), ref: 61CC35D7
                                                                                                                                                                                                                              • _PyObject_CallMethod_SizeT.PYTHON310 ref: 61CC3605
                                                                                                                                                                                                                              • _PyObject_CallMethod_SizeT.PYTHON310 ref: 61CC3617
                                                                                                                                                                                                                              • _Py_Dealloc.PYTHON310 ref: 61CC3623
                                                                                                                                                                                                                              • PyList_GetItem.PYTHON310 ref: 61CC3685
                                                                                                                                                                                                                              • _Py_Dealloc.PYTHON310 ref: 61CC3824
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Object_$CallSize$ItemMethod_$DeallocString$DictDict_Function_List_$AttrClearErr_FormatFromImport_ModuleModule_Unicode_getenv
                                                                                                                                                                                                                              • String ID: %U/%s$%U/../%s$%s/%s$PYARMOR_RKEY$__path__$_path$close$read
                                                                                                                                                                                                                              • API String ID: 2543034039-1237617226
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • PyTuple_Size.PYTHON310 ref: 61CC82C1
                                                                                                                                                                                                                              • PyTuple_New.PYTHON310 ref: 61CC82CD
                                                                                                                                                                                                                              • _PyObject_LookupAttr.PYTHON310 ref: 61CC832F
                                                                                                                                                                                                                              • _PyObject_GetAttrId.PYTHON310 ref: 61CC8343
                                                                                                                                                                                                                              • PyModule_GetFilenameObject.PYTHON310 ref: 61CC836F
                                                                                                                                                                                                                              • PyUnicode_FromString.PYTHON310 ref: 61CC837F
                                                                                                                                                                                                                              • _PyErr_Clear.PYTHON310 ref: 61CC83B9
                                                                                                                                                                                                                              • PyErr_SetImportError.PYTHON310 ref: 61CC83DF
                                                                                                                                                                                                                              • _Py_Dealloc.PYTHON310 ref: 61CC83FE
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • cannot import name %R from %R (%S), xrefs: 61CC850A
                                                                                                                                                                                                                              • cannot import name %R from partially initialized module %R (most likely due to a circular import) (%S), xrefs: 61CC8525
                                                                                                                                                                                                                              • cannot import name %R from %R (unknown location), xrefs: 61CC83C5
                                                                                                                                                                                                                              • <unknown module name>, xrefs: 61CC8378
                                                                                                                                                                                                                              • %U.%U, xrefs: 61CC8452
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: AttrErr_Object_Tuple_$ClearDeallocErrorFilenameFromImportLookupModule_ObjectSizeStringUnicode_
                                                                                                                                                                                                                              • String ID: %U.%U$<unknown module name>$cannot import name %R from %R (%S)$cannot import name %R from %R (unknown location)$cannot import name %R from partially initialized module %R (most likely due to a circular import) (%S)
                                                                                                                                                                                                                              • API String ID: 597108667-3215622635
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: fwrite$Err_MemoryPy_hashtable_destroyPy_hashtable_new_full
                                                                                                                                                                                                                              • String ID: too many objects
                                                                                                                                                                                                                              • API String ID: 3535940709-4209268247
                                                                                                                                                                                                                              • Opcode ID: a023a58e50b9cdfc8f5c553eb389cbe8784738619cfb37b626762e79cdfb616a
                                                                                                                                                                                                                              • Instruction ID: 4f9ccfb5cd135e6d91eadede883def994fa55df538c354cf6cc8e921125d75c0
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a023a58e50b9cdfc8f5c553eb389cbe8784738619cfb37b626762e79cdfb616a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 13127B72209B84C6DB00CB9AE44178EBFB0F386BD0F548116EA9D07BA8EB7DD455CB41
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • missing required positional arguments, xrefs: 61CD1951
                                                                                                                                                                                                                              • missing kwonly required arguments, xrefs: 61CD1BDA
                                                                                                                                                                                                                              • Can't remove argname from kwargs, xrefs: 61CD1A36
                                                                                                                                                                                                                              • too many positional arguments, xrefs: 61CD1C44
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Dict_Err_ItemString$DeallocTuple_
                                                                                                                                                                                                                              • String ID: Can't remove argname from kwargs$missing kwonly required arguments$missing required positional arguments$too many positional arguments
                                                                                                                                                                                                                              • API String ID: 2174600326-1903473336
                                                                                                                                                                                                                              • Opcode ID: 7303d3d761875bdc6893d637ceab9efaca0c6dfe1dfae3e27ea568136a0aeaab
                                                                                                                                                                                                                              • Instruction ID: 9d091126f05559e10f132cc32e8c77f01fcecdd16f6401f7f237ae201c93b453
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7303d3d761875bdc6893d637ceab9efaca0c6dfe1dfae3e27ea568136a0aeaab
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 50B12872A45B84C1EA258FAAE84439E77B5F785BE4F598211CF9D03B68EF39C095C301
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • too many values to unpack (expected %d), xrefs: 61CD0574
                                                                                                                                                                                                                              • cannot unpack non-iterable %.200s object, xrefs: 61CD0611
                                                                                                                                                                                                                              • not enough values to unpack (expected %d, got %d), xrefs: 61CD063D
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_$DeallocFormatIter_Next$CheckExceptionIterMatchesObject_OccurredSequence_
                                                                                                                                                                                                                              • String ID: cannot unpack non-iterable %.200s object$not enough values to unpack (expected %d, got %d)$too many values to unpack (expected %d)
                                                                                                                                                                                                                              • API String ID: 2492064420-2953850414
                                                                                                                                                                                                                              • Opcode ID: 224b8fdaf8469154bcdc4b29a407f2cc88bfa41e49ca95c53d5af208a2519096
                                                                                                                                                                                                                              • Instruction ID: b0e1e0a8e3f0cb19e75434d76ab230b714a1b645ffccfe76e9d81ce85982b160
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 224b8fdaf8469154bcdc4b29a407f2cc88bfa41e49ca95c53d5af208a2519096
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 31615A32A41A54C1EA069FAEE854B9D37B1FB89B98F498516CF1D87724FF39C0A5C340
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2095810127.00007FF8A877D000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FF8A86E0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff8a86e0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: strspn$strncmp$strcspn
                                                                                                                                                                                                                              • String ID: $ $ ,$..\s\crypto\pem\pem_lib.c$DEK-Info:$ENCRYPTED$Expecting: $Proc-Type:
                                                                                                                                                                                                                              • API String ID: 232339659-387852012
                                                                                                                                                                                                                              • Opcode ID: d3478d28586b3b591f2bcac79bc20f546f927b3c00999ee3a6f118fb3e088557
                                                                                                                                                                                                                              • Instruction ID: c8185856c119b2f89d423adf68b3a7465fcfbb6cd92668c9a8f4c565b2c3e8a5
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d3478d28586b3b591f2bcac79bc20f546f927b3c00999ee3a6f118fb3e088557
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 24E19031B0AA42A6FB24CB66E4442BD33A1FB44BC8F444032CE5E17699EF3CE505C768
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • PyErr_Occurred.PYTHON310 ref: 61CC9C66
                                                                                                                                                                                                                              • PyThreadState_Get.PYTHON310 ref: 61CCA331
                                                                                                                                                                                                                              • _Py_CheckFunctionResult.PYTHON310 ref: 61CCA37C
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • bad marshal data (set size out of range), xrefs: 61CCABD8
                                                                                                                                                                                                                              • bad marshal data (index list too large), xrefs: 61CCB229
                                                                                                                                                                                                                              • NULL object in marshal data for set, xrefs: 61CCB016
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CheckErr_FunctionOccurredResultState_Thread
                                                                                                                                                                                                                              • String ID: NULL object in marshal data for set$bad marshal data (index list too large)$bad marshal data (set size out of range)
                                                                                                                                                                                                                              • API String ID: 3239669425-600355161
                                                                                                                                                                                                                              • Opcode ID: 63a3907c0991a235b39106478c50d90af575934e1d876a29bcfbe65948725fbd
                                                                                                                                                                                                                              • Instruction ID: 489273441d8a76056ce7026b48c0751f160f17bfcd86733764e484616f548976
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 63a3907c0991a235b39106478c50d90af575934e1d876a29bcfbe65948725fbd
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5D716C32606A80C2EA548BAAE44875F3762F7C5F94F08C615C96E43764FF39C859C342
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092586742.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff6dff70000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: fclose$_wfopenfreadfreemalloc
                                                                                                                                                                                                                              • String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc$pyi_arch_extract2fs was called before temporary directory was C7Dlwp4kd!
                                                                                                                                                                                                                              • API String ID: 414440483-498630463
                                                                                                                                                                                                                              • Opcode ID: b13408b76eb0e99141bddfd40189e88921ac34e572f765c0f0b36de1127ee201
                                                                                                                                                                                                                              • Instruction ID: 05246da2006250e099fa28456880935e3c98904ff6c2c717346b15934599d74d
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b13408b76eb0e99141bddfd40189e88921ac34e572f765c0f0b36de1127ee201
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AB518F61F0D54361FA259726A8506FE9341AF05BD8F980137DE3D8B3D6EE2CF9698380
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: fwrite$Err_String
                                                                                                                                                                                                                              • String ID: too many objects
                                                                                                                                                                                                                              • API String ID: 4210527972-4209268247
                                                                                                                                                                                                                              • Opcode ID: cb3ee314a1d694b2752704733d0a291bc67a21529ac4d4e6903c36ec7d2abc66
                                                                                                                                                                                                                              • Instruction ID: f116a3932838a3b2e9aafb9b8b07f600ac53492979bee5ddfd5ed1b35b93c02b
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cb3ee314a1d694b2752704733d0a291bc67a21529ac4d4e6903c36ec7d2abc66
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 26128DB2241B84C6DB14CFA9E0507AD77B1F349FA8F548216CA2D17B48EB79C992C3C1
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092586742.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff6dff70000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: wcstombs$setlocale$freembstowcsrealloc$_strdup
                                                                                                                                                                                                                              • String ID: _MEIPASS2
                                                                                                                                                                                                                              • API String ID: 1093732947-3944641314
                                                                                                                                                                                                                              • Opcode ID: 148a141ac75870572ce124d50f5ef97fb7e269a6faeb8a9cf2d919f537363541
                                                                                                                                                                                                                              • Instruction ID: 78298ad18791df875224fbdfa184275dc51ee32a66e523a363780aab3cab1705
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 148a141ac75870572ce124d50f5ef97fb7e269a6faeb8a9cf2d919f537363541
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 58A14966F08B6688EB509BA6D8442FD27B0FB08B98F404536DE6C97B99DF3DD421C350
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • _PyFloat_Unpack8.PYTHON310 ref: 61CC8841
                                                                                                                                                                                                                              • PyBuffer_FillInfo.PYTHON310 ref: 61CC8896
                                                                                                                                                                                                                              • PyMemoryView_FromBuffer.PYTHON310 ref: 61CC88A4
                                                                                                                                                                                                                              • _PyObject_CallMethodId_SizeT.PYTHON310 ref: 61CC88C4
                                                                                                                                                                                                                              • PyNumber_AsSsize_t.PYTHON310 ref: 61CC88E3
                                                                                                                                                                                                                              • PyErr_SetString.PYTHON310 ref: 61CC8A11
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • marshal data too short, xrefs: 61CC8A07
                                                                                                                                                                                                                              • EOF read where not expected, xrefs: 61CC8972
                                                                                                                                                                                                                              • read() returned too much data: %zd bytes requested, %zd returned, xrefs: 61CC89E5
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: BufferBuffer_CallErr_FillFloat_FromInfoMemoryMethodNumber_Object_SizeSsize_tStringUnpack8View_
                                                                                                                                                                                                                              • String ID: EOF read where not expected$marshal data too short$read() returned too much data: %zd bytes requested, %zd returned
                                                                                                                                                                                                                              • API String ID: 3670709071-4172231876
                                                                                                                                                                                                                              • Opcode ID: 9e3eb5a2e51a8e3cb397f0a0a2d88eeda0ca6e461148420a7ef6f19f85d433e5
                                                                                                                                                                                                                              • Instruction ID: d1e5cae50fcfcc34495485b6916299a7f5cad9b0e458749cd60be4b81cf9351e
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9e3eb5a2e51a8e3cb397f0a0a2d88eeda0ca6e461148420a7ef6f19f85d433e5
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 91516131302A44C5EB459FAAE840B9E3371B785FE9F088315C96D577A8EF39C899D342
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • PyBuffer_FillInfo.PYTHON310 ref: 61CC8AC6
                                                                                                                                                                                                                              • PyMemoryView_FromBuffer.PYTHON310 ref: 61CC8AD4
                                                                                                                                                                                                                              • _PyObject_CallMethodId_SizeT.PYTHON310 ref: 61CC8AF4
                                                                                                                                                                                                                              • PyNumber_AsSsize_t.PYTHON310 ref: 61CC8B13
                                                                                                                                                                                                                              • PyErr_SetString.PYTHON310 ref: 61CC8C41
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • marshal data too short, xrefs: 61CC8C37
                                                                                                                                                                                                                              • EOF read where not expected, xrefs: 61CC8BA2
                                                                                                                                                                                                                              • read() returned too much data: %zd bytes requested, %zd returned, xrefs: 61CC8C15
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: BufferBuffer_CallErr_FillFromInfoMemoryMethodNumber_Object_SizeSsize_tStringView_
                                                                                                                                                                                                                              • String ID: EOF read where not expected$marshal data too short$read() returned too much data: %zd bytes requested, %zd returned
                                                                                                                                                                                                                              • API String ID: 3120701247-4172231876
                                                                                                                                                                                                                              • Opcode ID: 069d7c9843d34cceb35874ba53cc2781da4af9a1019af3747f7b5d1852b76400
                                                                                                                                                                                                                              • Instruction ID: 18e182607388718ae9b691add699b97fca9bf19069238830b87ccf0ff41d3862
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 069d7c9843d34cceb35874ba53cc2781da4af9a1019af3747f7b5d1852b76400
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BF415FB1306A04C1EE058BA9D854B8E3361B749FF8F588715CA2D47BE8EF39C956D342
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • PyBuffer_FillInfo.PYTHON310 ref: 61CC8E22
                                                                                                                                                                                                                              • PyMemoryView_FromBuffer.PYTHON310 ref: 61CC8E30
                                                                                                                                                                                                                              • _PyObject_CallMethodId_SizeT.PYTHON310 ref: 61CC8E50
                                                                                                                                                                                                                              • PyNumber_AsSsize_t.PYTHON310 ref: 61CC8E72
                                                                                                                                                                                                                              • PyErr_Occurred.PYTHON310 ref: 61CC8E8B
                                                                                                                                                                                                                              • PyErr_Format.PYTHON310 ref: 61CC8EBA
                                                                                                                                                                                                                              • PyErr_SetString.PYTHON310 ref: 61CC8F63
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • marshal data too short, xrefs: 61CC8F57
                                                                                                                                                                                                                              • EOF read where not expected, xrefs: 61CC8F37
                                                                                                                                                                                                                              • read() returned too much data: %zd bytes requested, %zd returned, xrefs: 61CC8EB0
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_$BufferBuffer_CallFillFormatFromInfoMemoryMethodNumber_Object_OccurredSizeSsize_tStringView_
                                                                                                                                                                                                                              • String ID: EOF read where not expected$marshal data too short$read() returned too much data: %zd bytes requested, %zd returned
                                                                                                                                                                                                                              • API String ID: 2192429850-4172231876
                                                                                                                                                                                                                              • Opcode ID: c7346fb6996e7c2f8c201d6470266c9c80c04d70d021b80e6eec92837ae56c6b
                                                                                                                                                                                                                              • Instruction ID: f8c14aa7dc123b7ca5645f98113710212d6f8a8419f30d235480831a169d7329
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c7346fb6996e7c2f8c201d6470266c9c80c04d70d021b80e6eec92837ae56c6b
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 55416F31302A05C5EA158FAAE840B9E3362B799FE4F4C87258E2D477E4EF39C895D351
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • _PyObject_CallFunction_SizeT.PYTHON310 ref: 61CC32E8
                                                                                                                                                                                                                              • PyErr_Clear.PYTHON310 ref: 61CC3304
                                                                                                                                                                                                                              • PyErr_Format.PYTHON310 ref: 61CC3364
                                                                                                                                                                                                                              • _PyObject_CallMethod_SizeT.PYTHON310(?,?,?,?,?,?), ref: 61CC33A3
                                                                                                                                                                                                                              • _PyObject_CallMethod_SizeT.PYTHON310(?,?,?,?,?,?), ref: 61CC33B5
                                                                                                                                                                                                                              • PySys_GetObject.PYTHON310 ref: 61CC3517
                                                                                                                                                                                                                              • _Py_Dealloc.PYTHON310 ref: 61CC3573
                                                                                                                                                                                                                              • getenv.MSVCRT ref: 61CC3647
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CallObject_Size$Err_Method_$ClearDeallocFormatFunction_ObjectSys_getenv
                                                                                                                                                                                                                              • String ID: %U.%s$%U/%s$%s (%d:%d)$%s/%s$PYARMOR_RKEY$close$executable$read
                                                                                                                                                                                                                              • API String ID: 2643494441-891831584
                                                                                                                                                                                                                              • Opcode ID: f24a4c5e35f79677641a6c5f84d36f3c74eede24517995edd29c0d23837b3723
                                                                                                                                                                                                                              • Instruction ID: 58e1ce739c980e848d4a1ef7a77c9949308e1e1f252faeedab31fb35bc8dc6e7
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f24a4c5e35f79677641a6c5f84d36f3c74eede24517995edd29c0d23837b3723
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 52313971741A54E1FA02DB66FC903D926A2BB85FC4F8C9422CD0A57764EF3EC956C381
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Dealloc$CallCheckErr_Object_Signals
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 356930793-0
                                                                                                                                                                                                                              • Opcode ID: 667a1198ef97de2a89fb9c356cea458a08b69397164a7e688454c2dbf018b660
                                                                                                                                                                                                                              • Instruction ID: bb2d6defe0d13d62e1bbbd1944d7ec1414b5cf94b4e82e0540f19027898d74f3
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 667a1198ef97de2a89fb9c356cea458a08b69397164a7e688454c2dbf018b660
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BE516336A46A44D6EA099FAE994436D3775BB46F94F0EC125CF098AB10FF39C075C740
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092803364.00007FF8A8511000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8A8510000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff8a8510000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Unicode_$Equal$Arg_Ready$ArgumentCheckMallocMem_PositionalSubtypeType_
                                                                                                                                                                                                                              • String ID: argument 1$argument 2$invalid normalization form$normalize$str
                                                                                                                                                                                                                              • API String ID: 3079088272-4140678229
                                                                                                                                                                                                                              • Opcode ID: 043ca2d8424091de15f9a914ae84487fadada3a8c3722cd01a5ffe64d96a38c2
                                                                                                                                                                                                                              • Instruction ID: bcb3ba3bca2f37a95a70bc2c0f85966a4cb7b4abc501bb3e1bd831546feeae19
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 043ca2d8424091de15f9a914ae84487fadada3a8c3722cd01a5ffe64d96a38c2
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8F81D220E4E682A1FBA0AB12DC147B96391FF49BC4F446171CE9E87795EF6CE405C328
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • %02x:%02x:%02x:%02x:%02x:%02x, xrefs: 61CD23F9
                                                                                                                                                                                                                              • ../src/platforms/windows/hdinfo.c, xrefs: 61CD24B7
                                                                                                                                                                                                                              • Too small size, xrefs: 61CD24B0
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Heap$Process$AdaptersAddressesAllocFree
                                                                                                                                                                                                                              • String ID: %02x:%02x:%02x:%02x:%02x:%02x$../src/platforms/windows/hdinfo.c$Too small size
                                                                                                                                                                                                                              • API String ID: 1283795797-3992030336
                                                                                                                                                                                                                              • Opcode ID: ca2f2d58f6ccc6fa38a4598bcc9428a79d4f29ec2d6dcd793aaaf0ab3d192cb3
                                                                                                                                                                                                                              • Instruction ID: 65c3b981a2463817d86091baf114bc3dd958c453a1b73d780c0d27a190a77a2d
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ca2f2d58f6ccc6fa38a4598bcc9428a79d4f29ec2d6dcd793aaaf0ab3d192cb3
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6131AA317055518AD724DBBB681076E6BA2AB89B94F088126BE5C83798FF3CC541D750
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092586742.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff6dff70000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Token$ConvertDescriptorInformationProcessSecurityString$CloseCreateCurrentDirectoryErrorFreeHandleLastLocalOpen_snwprintfcallocfree
                                                                                                                                                                                                                              • String ID: D:(A;;FA;;;%s)$S-1-3-4
                                                                                                                                                                                                                              • API String ID: 1339360106-2855260032
                                                                                                                                                                                                                              • Opcode ID: 0f7ef2776a1702e153f9070e199a20aa48cd80c646a4a307b911eb60a5f6c4ff
                                                                                                                                                                                                                              • Instruction ID: 48a51b509f4d847f11b596faf44128210a837b704dd3b94994606d07f91fbb39
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0f7ef2776a1702e153f9070e199a20aa48cd80c646a4a307b911eb60a5f6c4ff
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DE315021A08A4242E7209F62B8047AE6361FB85BA8F544236EE7D87BD4DF7DE419C700
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: strncmp$Err_Format_errno$freememcpystrlen
                                                                                                                                                                                                                              • String ID: %s (%d:%d)$*DOMAIN:$*HARDDISK:$*IFIPV4:$*IFIPV6:$*IFMAC:$*MID:$5(
                                                                                                                                                                                                                              • API String ID: 3958490578-1731549688
                                                                                                                                                                                                                              • Opcode ID: 7f386ca90869f4e7a942387e88c80bd49a34fdcf9a6c9116e47703f723d03f89
                                                                                                                                                                                                                              • Instruction ID: a295d38a22b741a44c6a8958617485d58d30e48dd0c6ae9cb19b640851d97f5f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7f386ca90869f4e7a942387e88c80bd49a34fdcf9a6c9116e47703f723d03f89
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E1210F21310644A4FF10C727E85079A1AB1B78AFE9FC89119CC194B7E0EF3EC555C311
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • Invalid type for op_build, xrefs: 61CD02DC
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: List_$DeallocDict_$ExtendTuple_Update
                                                                                                                                                                                                                              • String ID: Invalid type for op_build
                                                                                                                                                                                                                              • API String ID: 3794787204-1006902009
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • Too many format strings, xrefs: 61CD156D
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Dealloc$Err_FormatObject_StringUnicode_
                                                                                                                                                                                                                              • String ID: Too many format strings
                                                                                                                                                                                                                              • API String ID: 3094464462-2091874682
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • PyEval_GetFrame.PYTHON310 ref: 61CC1A3E
                                                                                                                                                                                                                              • PyUnicode_AsUTF8.PYTHON310 ref: 61CC1A96
                                                                                                                                                                                                                              • PyModule_GetDict.PYTHON310 ref: 61CC1AAD
                                                                                                                                                                                                                              • PyDict_GetItemString.PYTHON310 ref: 61CC1AC6
                                                                                                                                                                                                                              • PyCFunction_GetSelf.PYTHON310 ref: 61CC1AD4
                                                                                                                                                                                                                              • PyErr_Format.PYTHON310 ref: 61CC1B3A
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: DictDict_Err_Eval_FormatFrameFunction_ItemModule_SelfStringUnicode_
                                                                                                                                                                                                                              • String ID: %s (%d:%d)$__dict__$__pyarmor__$protection exception (%d)
                                                                                                                                                                                                                              • API String ID: 3372622024-629680938
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Dealloc$ItemMethod_Tuple_$BuildFunction_NameQualSubtypeType_ValueWith
                                                                                                                                                                                                                              • String ID: (O)
                                                                                                                                                                                                                              • API String ID: 593819998-4232840684
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • XXX readobject called with exception set, xrefs: 61CCEE7D
                                                                                                                                                                                                                              • NULL object in marshal data for object, xrefs: 61CCEE54
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Mem_$Free$Err_FromList_MallocMarshal_ObjectOccurredPy_fstat_noraiseReadStringfread
                                                                                                                                                                                                                              • String ID: NULL object in marshal data for object$XXX readobject called with exception set
                                                                                                                                                                                                                              • API String ID: 149595394-3392712392
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092586742.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff6dff70000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: strcmpstrcpystrlen
                                                                                                                                                                                                                              • String ID: %s%c%s$%s%c%s%c%s%c%s$%s%c%s%c%s.pkg$%s%c%s.exe$Archive not found: %s$Archive path exceeds PATH_MAX$Failed to copy %s$Failed to extract %s$Failed to open archive %s!$\$\$_MEIPASS2$pyi-contents-directory$pyi-contents-directory option not found in onedir bundle archive!
                                                                                                                                                                                                                              • API String ID: 895318938-736835633
                                                                                                                                                                                                                              • Opcode ID: 702e52b45027c17a06724986362fbdf0f4889759a24ad9d8c37057623cd7ba2b
                                                                                                                                                                                                                              • Instruction ID: 69450164bd7b0be1878251386ee4e2e1f836275fae7cd77695b9bee0338588af
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 702e52b45027c17a06724986362fbdf0f4889759a24ad9d8c37057623cd7ba2b
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 97915C61E08A82A1FA209B22E8406BEA750FF44B84F944533EE6DD7796DF3CE565C740
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • PyBuffer_FillInfo.PYTHON310 ref: 61CC8643
                                                                                                                                                                                                                              • PyMemoryView_FromBuffer.PYTHON310 ref: 61CC8655
                                                                                                                                                                                                                              • _PyObject_CallMethodId_SizeT.PYTHON310 ref: 61CC8679
                                                                                                                                                                                                                              • PyNumber_AsSsize_t.PYTHON310 ref: 61CC869B
                                                                                                                                                                                                                              • PyErr_Occurred.PYTHON310 ref: 61CC86C4
                                                                                                                                                                                                                              • PyErr_Format.PYTHON310 ref: 61CC86EF
                                                                                                                                                                                                                              • PyMem_Realloc.PYTHON310 ref: 61CC8723
                                                                                                                                                                                                                              • _Py_Dealloc.PYTHON310 ref: 61CC8768
                                                                                                                                                                                                                              • PyMem_Malloc.PYTHON310 ref: 61CC8793
                                                                                                                                                                                                                              • PyErr_NoMemory.PYTHON310 ref: 61CC87A5
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • EOF read where not expected, xrefs: 61CC8747
                                                                                                                                                                                                                              • read() returned too much data: %zd bytes requested, %zd returned, xrefs: 61CC86DF
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_$Mem_Memory$BufferBuffer_CallDeallocFillFormatFromInfoMallocMethodNumber_Object_OccurredReallocSizeSsize_tView_
                                                                                                                                                                                                                              • String ID: EOF read where not expected$read() returned too much data: %zd bytes requested, %zd returned
                                                                                                                                                                                                                              • API String ID: 3190434935-3742967138
                                                                                                                                                                                                                              • Opcode ID: 5e161c6b4e4cd385d4a1f359dcec4206cc105c1bb8b5ea6bb6f7c86bc9254928
                                                                                                                                                                                                                              • Instruction ID: 07661c27151aa4aa4d3acd962b0b75fb0ac51764c83f53eefcd66fd08d5b843b
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5e161c6b4e4cd385d4a1f359dcec4206cc105c1bb8b5ea6bb6f7c86bc9254928
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 71416371302A04C5FB019BA6E9447AE23A1B744FE8F488625DD2D57B94FF3DC4AAD341
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092586742.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff6dff70000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _get_osfhandle$Process_fileno$ByteCharCodeCommandConsoleCreateCtrlExitHandlerInfoLineMultiObjectSingleStartupWaitWide
                                                                                                                                                                                                                              • String ID: CreateProcessW$Error creating child process!
                                                                                                                                                                                                                              • API String ID: 2399235724-3524285272
                                                                                                                                                                                                                              • Opcode ID: 3b0030d9226d0a67f6fd8a2a69a505053b30f609f3f5ca2460bb49168f4bcb83
                                                                                                                                                                                                                              • Instruction ID: 7497dc90e2b607b2816a67bf43f3d738e048929d37efd09c1e4e18974d51fb92
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3b0030d9226d0a67f6fd8a2a69a505053b30f609f3f5ca2460bb49168f4bcb83
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A8415E32A08B8245EB209B65F8147AEB360EB857A4F404736EABD877D4DF7CD094CB40
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092586742.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff6dff70000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: callocstrcmpstrncmp
                                                                                                                                                                                                                              • String ID: _MEIPASS2$dev$hash_seed$optimize$pyi-$unbuffered$utf8$verbose
                                                                                                                                                                                                                              • API String ID: 3864021093-2470803696
                                                                                                                                                                                                                              • Opcode ID: 1ebc1015cd89388c44d796f0e6af0bbaf2b2aa1507eb9976b7d4d29af4bb5d45
                                                                                                                                                                                                                              • Instruction ID: d99546f7bad84ca07176bd2b7acb97aea0931cbe8399712e4d2665b26defed9f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1ebc1015cd89388c44d796f0e6af0bbaf2b2aa1507eb9976b7d4d29af4bb5d45
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1181C262E0C653C6FB759F22A40437EEBA1AF45B98F048077CA6D87695DE3CE660C314
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: callocfree
                                                                                                                                                                                                                              • String ID: A != NULL$B != NULL$C != NULL$P != NULL$kA != NULL$kB != NULL$modulus != NULL$src/pk/ecc/ltc_ecc_map.c$src/pk/ecc/ltc_ecc_mul2add.c
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: free$memcmp$malloc
                                                                                                                                                                                                                              • String ID: hash != NULL$key != NULL$sig != NULL$src/pk/rsa/rsa_verify_hash.c$stat != NULL
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_$Restore$DeallocExceptionException_FetchNormalize$Back_ContextEval_FrameHereOccurredTraceTraceback
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092586742.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff6dff70000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _wcsdupfree$DeleteDestroyDialogHandleIconIndirectModuleObjectParammemset
                                                                                                                                                                                                                              • String ID: Unhandled exception in script
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092803364.00007FF8A8511000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8A8510000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff8a8510000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Module_$Dealloc$ObjectObject_$Capsule_ConstantFromMallocMem_SpecStringTrackTypeType_
                                                                                                                                                                                                                              • String ID: 13.0.0$_ucnhash_CAPI$ucd_3_2_0$unidata_version
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Heap$Process$AdaptersAddressesAllocFree$inet_ntoa
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 4108032510-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                • Part of subcall function 61CCEFA0: PyList_New.PYTHON310 ref: 61CCEFDB
                                                                                                                                                                                                                                • Part of subcall function 61CCEFA0: PyErr_Occurred.PYTHON310 ref: 61CCEFFA
                                                                                                                                                                                                                                • Part of subcall function 61CCEFA0: PyMem_Free.PYTHON310 ref: 61CCF028
                                                                                                                                                                                                                              • _PyDict_GetItemIdWithError.PYTHON310 ref: 61CCFA72
                                                                                                                                                                                                                              • PyThreadState_Get.PYTHON310 ref: 61CCFAD5
                                                                                                                                                                                                                              • _Py_CheckFunctionResult.PYTHON310 ref: 61CCFB1F
                                                                                                                                                                                                                              • _Py_Dealloc.PYTHON310 ref: 61CCFB53
                                                                                                                                                                                                                              • _PyObject_MakeTpCall.PYTHON310 ref: 61CCFBAA
                                                                                                                                                                                                                              • _Py_Dealloc.PYTHON310 ref: 61CCFBC0
                                                                                                                                                                                                                              • _PyLong_AsInt.PYTHON310 ref: 61CCFC03
                                                                                                                                                                                                                              • PyImport_ImportModuleLevelObject.PYTHON310 ref: 61CCFC2B
                                                                                                                                                                                                                              • _Py_Dealloc.PYTHON310 ref: 61CCFC5D
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Dealloc$CallCheckDict_Err_ErrorFreeFunctionImportImport_ItemLevelList_Long_MakeMem_ModuleObjectObject_OccurredResultState_ThreadWith
                                                                                                                                                                                                                              • String ID: __import__ not found
                                                                                                                                                                                                                              • API String ID: 1209477609-2199325508
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092586742.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff6dff70000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: strlenstrncpy$callocfreememcpy
                                                                                                                                                                                                                              • String ID: SPLASH: Cannot extract requirement %s.$SPLASH: Cannot find requirement %s in archive.$_MEIPASS2
                                                                                                                                                                                                                              • API String ID: 4189425833-927121926
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092586742.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff6dff70000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: memcpystrncpy$malloc$callocfree
                                                                                                                                                                                                                              • String ID: Cannot allocate memory for necessary files.$_MEIPASS2
                                                                                                                                                                                                                              • API String ID: 1819673767-1389504347
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • VirtualProtect.KERNEL32(?,?,?,?,?,?,61CC1278), ref: 61D4042D
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • Unknown pseudo relocation bit size %d., xrefs: 61D4059A
                                                                                                                                                                                                                              • Unknown pseudo relocation protocol version %d., xrefs: 61D405AE
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                                                                                                              • String ID: Unknown pseudo relocation bit size %d.$ Unknown pseudo relocation protocol version %d.
                                                                                                                                                                                                                              • API String ID: 544645111-395989641
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: freemallocmemcpystrchrstrlen
                                                                                                                                                                                                                              • String ID: and,$http://$local$or,
                                                                                                                                                                                                                              • API String ID: 3771145599-2506292620
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092586742.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff6dff70000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                                                                                                                                                                                              • String ID: P%
                                                                                                                                                                                                                              • API String ID: 2147705588-2959514604
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092803364.00007FF8A8511000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8A8510000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff8a8510000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Arg_Unicode_$ArgumentCheckDigitErr_FromLongLong_PositionalReadyString
                                                                                                                                                                                                                              • String ID: a unicode character$argument 1$digit$not a digit
                                                                                                                                                                                                                              • API String ID: 2437920334-4278345224
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • bad marshal data (list size out of range), xrefs: 61CCA911
                                                                                                                                                                                                                              • NULL object in marshal data for list, xrefs: 61CCAFC7
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_List_Occurred
                                                                                                                                                                                                                              • String ID: NULL object in marshal data for list$bad marshal data (list size out of range)
                                                                                                                                                                                                                              • API String ID: 1902535023-3453879413
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • NULL object in marshal data for tuple, xrefs: 61CCADFB
                                                                                                                                                                                                                              • bad marshal data (tuple size out of range), xrefs: 61CCABF9
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_OccurredTuple_
                                                                                                                                                                                                                              • String ID: NULL object in marshal data for tuple$bad marshal data (tuple size out of range)
                                                                                                                                                                                                                              • API String ID: 3674511531-3094253248
                                                                                                                                                                                                                              • Opcode ID: 1334e0673d9c89cb7a7049411a0caaba6fbb731a10c7b1f1db972c729159dde3
                                                                                                                                                                                                                              • Instruction ID: 299701401bb9393f3e24d90e1baca591a7132edfb7ce92f726f11b4f58dfb253
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1334e0673d9c89cb7a7049411a0caaba6fbb731a10c7b1f1db972c729159dde3
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F3212B31246A40C1EE14CFAAD59C75E27A6BBC5F95F0AC414CD0E57324FE39C896C382
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: strlen
                                                                                                                                                                                                                              • String ID: 8$?$?$@$MD5$in != NULL$md != NULL$src/hashes/md5.c
                                                                                                                                                                                                                              • API String ID: 39653677-3461814546
                                                                                                                                                                                                                              • Opcode ID: c50d777c546e1ed56edb68ea0b9bf3e93e1026468edbe4b7871622637cec59c4
                                                                                                                                                                                                                              • Instruction ID: 79f021dadd2eaa991624bd799e1ed7055a4ea2aa32b8075367629a0c3cc96ed7
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c50d777c546e1ed56edb68ea0b9bf3e93e1026468edbe4b7871622637cec59c4
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 96D103B3A082C1CAF705CB9AE454B6EBFA1E395388F44A009DF821BB44E77DD445DB42
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092803364.00007FF8A8511000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8A8510000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff8a8510000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 349153199-0
                                                                                                                                                                                                                              • Opcode ID: d9075fb2b0ba11a0ca4eca901d47b6c9aa6f7dca5772fbcecca27907c885e73c
                                                                                                                                                                                                                              • Instruction ID: 3cd910bc548db668a688bb09891fb9436149a1a44dfc4f591d8cca86cd1bec6e
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d9075fb2b0ba11a0ca4eca901d47b6c9aa6f7dca5772fbcecca27907c885e73c
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9181AC21E0E243BAFA94FB65AC512B966D1EF857C0F148035DE4C43BA6DF7CE8458728
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2095810127.00007FF8A86E1000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FF8A86E0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff8a86e0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: strchr
                                                                                                                                                                                                                              • String ID: ..\s\crypto\ocsp\ocsp_lib.c$/$/$443$[$http$https
                                                                                                                                                                                                                              • API String ID: 2830005266-535551730
                                                                                                                                                                                                                              • Opcode ID: 3599b5d8e7b23bca4aa89a6d289242b8b2e1b5dd0b052be938d3549ec404f259
                                                                                                                                                                                                                              • Instruction ID: 9a574c47553e30fd8e5216530393d84a67cacc4aa789c29c35e19f618c7f2bcb
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3599b5d8e7b23bca4aa89a6d289242b8b2e1b5dd0b052be938d3549ec404f259
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E561A925B0AB42AAFB15DB15E8182B93761FB85BC0F894031DA8D07392EF3DE545C739
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: strcmp
                                                                                                                                                                                                                              • String ID: aes$name != NULL$src/misc/crypt/crypt_find_hash.c
                                                                                                                                                                                                                              • API String ID: 1004003707-455514378
                                                                                                                                                                                                                              • Opcode ID: a2a4b03777c91be731f4a5a861865b9b9e5ca0b06c2674fbe3e03d9027fade8a
                                                                                                                                                                                                                              • Instruction ID: 3b6290dc194937907d646660ff824a9932a5119ea06ec433b4bcb1f250da228a
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a2a4b03777c91be731f4a5a861865b9b9e5ca0b06c2674fbe3e03d9027fade8a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 93314F61B0668699FF15CFA6CA947FE6725AB81BD8F04C110CF2A8B984FF14E109C751
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
• Associated: 00000002.00000002.2090249567.0000000061CC0000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 00000002.00000002.2090321178.0000000061D42000.00000008.00000001.01000000.0000000F.sdmp
• Associated: 00000002.00000002.2090339482.0000000061D46000.00000004.00000001.01000000.0000000F.sdmp
• Associated: 00000002.00000002.2090355770.0000000061D47000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 00000002.00000002.2090379600.0000000061D5F000.00000004.00000001.01000000.0000000F.sdmp
• Associated: 00000002.00000002.2090396791.0000000061D62000.00000004.00000001.01000000.0000000F.sdmp
• Associated: 00000002.00000002.2090413205.0000000061D64000.00000008.00000001.01000000.0000000F.sdmp
• Associated: 00000002.00000002.2090429418.0000000061D68000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Dict_$AppendDeallocItemList_
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2970173465-0
                                                                                                                                                                                                                              • Opcode ID: 3750ea80905449795f0ed7eb0e2e69e055f61f8138e482fa179e90dc0206f2e8
                                                                                                                                                                                                                              • Instruction ID: 82137f028307a987bb4f44fe7386923eb422282a4fb6defb855b8119da67335d
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3750ea80905449795f0ed7eb0e2e69e055f61f8138e482fa179e90dc0206f2e8
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B7313831646A80D5EA158FA6E84835E23B5BBCAFD4F08C024CE4E56724FE3EC891C342
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Heap$Process$Free$Alloc$NetworkParams
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3483679945-0
                                                                                                                                                                                                                              • Opcode ID: d9f1ccaa99a51a1757a863b0196e384b4b9e305eaa7d108583507cf1e9d094f6
                                                                                                                                                                                                                              • Instruction ID: 0065ee97b67677d9e6fe9ecf7907c02b5863d38fa8f4cb2ca61862724a1e87b7
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d9f1ccaa99a51a1757a863b0196e384b4b9e305eaa7d108583507cf1e9d094f6
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2C11B66170565694EA14E7F77C107AE96926BCABE8F4CC136AE2C973A4FE38C142C311
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_$FormatOccurred
                                                                                                                                                                                                                              • String ID: %s (%d:%d)
                                                                                                                                                                                                                              • API String ID: 4038069558-1595188566
                                                                                                                                                                                                                              • Opcode ID: ab844dd0573c5d4e5db60297e75af00a480c6ebc469f50d619f5e798285aab1f
                                                                                                                                                                                                                              • Instruction ID: a1357b21aacc039950d7f2b264206db2938625585142f03a64017ec67e299faf
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ab844dd0573c5d4e5db60297e75af00a480c6ebc469f50d619f5e798285aab1f
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F241AE72615780C6EB048BAFA4513AE7B71F78AFD8F4D8025CE4E07B24EE29C941C781
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: signal
                                                                                                                                                                                                                              • String ID: CCG
                                                                                                                                                                                                                              • API String ID: 1946981877-1584390748
                                                                                                                                                                                                                              • Opcode ID: 3fd33f9d0d8be5c47111497dc89fdfb5665315b94049332a99d209a55ae08ee2
                                                                                                                                                                                                                              • Instruction ID: 1086af72c84e07eb131889e1e483c2ba92bf57371fd9bb8d3e6ea21d20e2bb0b
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3fd33f9d0d8be5c47111497dc89fdfb5665315b94049332a99d209a55ae08ee2
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A6318E24B4A00185FF1953F944603E915616BEF3F8F1CCB1A8ABEC73E5DE6C98D04652
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • PyErr_Occurred.PYTHON310 ref: 61CC98A0
                                                                                                                                                                                                                              • PyUnicode_DecodeUTF8.PYTHON310 ref: 61CCA06F
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • surrogatepass, xrefs: 61CCA065
                                                                                                                                                                                                                              • bad marshal data (string size out of range), xrefs: 61CCA846
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: DecodeErr_OccurredUnicode_
                                                                                                                                                                                                                              • String ID: bad marshal data (string size out of range)$surrogatepass
                                                                                                                                                                                                                              • API String ID: 1138423624-4021928140
                                                                                                                                                                                                                              • Opcode ID: 45ebbcbf1cf93850d7e84a196a691875e40f79ef29fc15d5c5264f980fa23018
                                                                                                                                                                                                                              • Instruction ID: 609a780dbf2ee67ae141395d6db29a95697d82223c69f8486f53894b4b69ddb5
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 45ebbcbf1cf93850d7e84a196a691875e40f79ef29fc15d5c5264f980fa23018
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 88314D326466A0C2EA168F16D44879F7365FB89FD4F09C510CE4917728FE39D88AC785
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092803364.00007FF8A8511000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8A8510000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff8a8510000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Unicode_$Equal$CompareDeallocErr_ReadyString
                                                                                                                                                                                                                              • String ID: invalid normalization form
                                                                                                                                                                                                                              • API String ID: 3010910608-2281882113
                                                                                                                                                                                                                              • Opcode ID: db7500ed328ea89a7218ce296b7fc290dacc1b6cdf2a18ecf46c4dd9d09d4559
                                                                                                                                                                                                                              • Instruction ID: 71a0c33618609e0fe7cb48fe522598173810ebf1de50c0076266791099363cdd
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: db7500ed328ea89a7218ce296b7fc290dacc1b6cdf2a18ecf46c4dd9d09d4559
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 65418B35B0EA43A5EE54AB52AC4433963A2FF48BC8F845435CE4E473A0DF2DE404C328
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_$FetchFormatFromObject_RestoreWindowsstrerror
                                                                                                                                                                                                                              • String ID: %s (%d:%d)
                                                                                                                                                                                                                              • API String ID: 2858978339-1595188566
                                                                                                                                                                                                                              • Opcode ID: d63ce9bf5b9824030ec72d4fa0ff26b3671df568a50a260d73afc1111a553404
                                                                                                                                                                                                                              • Instruction ID: 8635a65c7f948038af4ff0fac613359872b2aa091ba8cd86f5b7a600d28d4a10
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d63ce9bf5b9824030ec72d4fa0ff26b3671df568a50a260d73afc1111a553404
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E8219A32A05A44C1EB018B69E8507DE7761FB8AF84F8A8026CE4E13364DF3EC846D380
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • XXX readobject called with exception set, xrefs: 61CCF05D
                                                                                                                                                                                                                              • NULL object in marshal data for object, xrefs: 61CCF08E
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_$Occurred$FreeList_Mem_Stringfwrite
                                                                                                                                                                                                                              • String ID: NULL object in marshal data for object$XXX readobject called with exception set
                                                                                                                                                                                                                              • API String ID: 4281374468-3392712392
                                                                                                                                                                                                                              • Opcode ID: 8438a1c87a4b2bbec939fc54df27e198a94b133ca46fb1e5dc5b828edf7629eb
                                                                                                                                                                                                                              • Instruction ID: 9f368714134e026e18bc32ba3b626a9dbb47166204ea6cc415a7d1c5f63f9fa7
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8438a1c87a4b2bbec939fc54df27e198a94b133ca46fb1e5dc5b828edf7629eb
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F121B431206B40C9EB148BA5F84439E7771FB85F88F188029D98E43768EF7EC855C751
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092803364.00007FF8A8511000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8A8510000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff8a8510000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Arg_$ArgumentReadyUnicode_$CheckPositional
                                                                                                                                                                                                                              • String ID: argument 1$argument 2$is_normalized$str
                                                                                                                                                                                                                              • API String ID: 396090033-184702317
                                                                                                                                                                                                                              • Opcode ID: 9d1203bcce706692093d0a19077d82ede6903c2045b72994e20d8ca9bfefa43b
                                                                                                                                                                                                                              • Instruction ID: df559062510526490ef9e563ad499807edfbd4c9cb1d8fd49c5b0f64c139288d
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9d1203bcce706692093d0a19077d82ede6903c2045b72994e20d8ca9bfefa43b
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8921D320A09A87A5E750AB65EC442B92392FF44BD9F496131DE1D077E4CF2CE446C32C
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • XXX readobject called with exception set, xrefs: 61CCEF4D
                                                                                                                                                                                                                              • NULL object in marshal data for object, xrefs: 61CCEF7E
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_$Occurred$FreeList_Mem_Stringfwrite
                                                                                                                                                                                                                              • String ID: NULL object in marshal data for object$XXX readobject called with exception set
                                                                                                                                                                                                                              • API String ID: 4281374468-3392712392
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • EOF read where not expected, xrefs: 61CCEC37
                                                                                                                                                                                                                              • read() returned too much data: %zd bytes requested, %zd returned, xrefs: 61CCEC18
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_$Mem_$FormatFreeMallocMemoryOccurredfread
                                                                                                                                                                                                                              • String ID: EOF read where not expected$read() returned too much data: %zd bytes requested, %zd returned
                                                                                                                                                                                                                              • API String ID: 28673812-3742967138
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092586742.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff6dff70000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ByteCharErrorFormatLastMessageMultiWide
                                                                                                                                                                                                                              • String ID: Failed to encode wchar_t as UTF-8.$FormatMessageW$No error messages generated.$PyInstaller: FormatMessageW failed.$PyInstaller: pyi_win32_utils_to_utf8 failed.$WideCharToMultiByte
                                                                                                                                                                                                                              • API String ID: 1653872744-2573406579
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • EOF read where not expected, xrefs: 61CCECF7
                                                                                                                                                                                                                              • read() returned too much data: %zd bytes requested, %zd returned, xrefs: 61CCECDB
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_$Mem_$FormatFreeMallocMemoryOccurredfread
                                                                                                                                                                                                                              • String ID: EOF read where not expected$read() returned too much data: %zd bytes requested, %zd returned
                                                                                                                                                                                                                              • API String ID: 28673812-3742967138
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • src/misc/crypt/crypt_register_hash.c, xrefs: 61CDE0C7
                                                                                                                                                                                                                              • hash != NULL, xrefs: 61CDE0CE
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: memcmp
                                                                                                                                                                                                                              • String ID: hash != NULL$src/misc/crypt/crypt_register_hash.c
                                                                                                                                                                                                                              • API String ID: 1475443563-1465673959
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • prng != NULL, xrefs: 61CDE326
                                                                                                                                                                                                                              • src/misc/crypt/crypt_register_prng.c, xrefs: 61CDE31F
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: memcmp
                                                                                                                                                                                                                              • String ID: prng != NULL$src/misc/crypt/crypt_register_prng.c
                                                                                                                                                                                                                              • API String ID: 1475443563-58737364
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: strcmp
                                                                                                                                                                                                                              • String ID: name != NULL$src/misc/crypt/crypt_find_prng.c
                                                                                                                                                                                                                              • API String ID: 1004003707-2030105502
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • name != NULL, xrefs: 61CDD9C8
                                                                                                                                                                                                                              • src/misc/crypt/crypt_find_cipher.c, xrefs: 61CDD9C1
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: strcmp
                                                                                                                                                                                                                              • String ID: name != NULL$src/misc/crypt/crypt_find_cipher.c
                                                                                                                                                                                                                              • API String ID: 1004003707-679692990
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092586742.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: fclose$clearerrferror$_wfopenfreadfwrite
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 4075948245-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092586742.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: fwprintf$___lc_codepage_func___mb_cur_max_funcfputwcmemsetstrlen
                                                                                                                                                                                                                              • String ID: %*.*S$%-*.*S$%.*S
                                                                                                                                                                                                                              • API String ID: 1485978544-2115465065
                                                                                                                                                                                                                              • Opcode ID: d2eb4217ddd9504e58b3f4f9667a6e8988adc284b89a5f1a388818bb5d907d71
                                                                                                                                                                                                                              • Instruction ID: 8346da720d5201c6fc96e484d1fa1164e6fc85b14c2ad6ccce1c1c233f15eb46
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d2eb4217ddd9504e58b3f4f9667a6e8988adc284b89a5f1a388818bb5d907d71
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AE81DDB6B04B498AE710CF2AC8806AC77E0F748B9CB118536EE5D87B58DF38E510CB40
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ObjectSizeSys_Unicode_getenv
                                                                                                                                                                                                                              • String ID: LANG$PYARMOR_LANG$_PARLANG
                                                                                                                                                                                                                              • API String ID: 223123148-1822377752
                                                                                                                                                                                                                              • Opcode ID: d249efbf808a52a0e06fbd264aa83bcb98b08bffaac0ad04f1c1028cbb22d494
                                                                                                                                                                                                                              • Instruction ID: dd5041a78eaaffa0c309ed477b0fe588d4f873330c17524261c29f2f35813320
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d249efbf808a52a0e06fbd264aa83bcb98b08bffaac0ad04f1c1028cbb22d494
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A451C0B26092E0C5EB02CBAF91903ADBFB3A742F85F4CC016CA9947355E729C895C352
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2095810127.00007FF8A86E1000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FF8A86E0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff8a86e0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ErrorLastsetsockopt
                                                                                                                                                                                                                              • String ID: ..\s\crypto\bio\b_sock2.c$o
                                                                                                                                                                                                                              • API String ID: 1729277954-1872632005
                                                                                                                                                                                                                              • Opcode ID: 4436fc6254bc72a54972405be3f68e9f830346a03ab368bea1c244b879c7c278
                                                                                                                                                                                                                              • Instruction ID: 90ebfcc737244310c7dd339f5361fb5ed40b07ed1f56bf7819e32d710cf587cf
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4436fc6254bc72a54972405be3f68e9f830346a03ab368bea1c244b879c7c278
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2751A131B0A54296F720DF21E8087BEB3A0FB84B84F184139E65907A95EF7DE545CB29
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2095810127.00007FF8A86E1000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FF8A86E0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff8a86e0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: HandleModule$AddressProc
                                                                                                                                                                                                                              • String ID: OPENSSL_Applink$OPENSSL_Uplink(%p,%02X): $_ssl.pyd$_ssl_d.pyd
                                                                                                                                                                                                                              • API String ID: 1883125708-1130596517
                                                                                                                                                                                                                              • Opcode ID: d7003f0cb0e0d0039ea82a20f93083a2f03f09b28b401cdfd41ce747ed1fa16f
                                                                                                                                                                                                                              • Instruction ID: 5420de5f2de9c1b2395b92ae75d84972f032d13e606d17f783ca281995fc91a8
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d7003f0cb0e0d0039ea82a20f93083a2f03f09b28b401cdfd41ce747ed1fa16f
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B2515E22D0BB82A2E7218F24E805174B3A0FF587E9F185335D96D162A5FF7CB595C328
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092586742.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff6dff70000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ByteCharMultiWide$calloc
                                                                                                                                                                                                                              • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                                                                                                                                                                                                                              • API String ID: 1374691127-27947307
                                                                                                                                                                                                                              • Opcode ID: c28c0e6c5d8874854bbcf17be2a90bb230ec35532378af5f2a3c060bcab11e97
                                                                                                                                                                                                                              • Instruction ID: 0c7d5e9bc210586d3266d7fa33d153b834d967358e801053244ef3e995094e7e
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c28c0e6c5d8874854bbcf17be2a90bb230ec35532378af5f2a3c060bcab11e97
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E12171A1E0DB4284EB209B66E85037EA751EF48394F544637DA6E877D5EF3CD014C740
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092586742.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ByteCharMultiWide$calloc
                                                                                                                                                                                                                              • String ID: Failed to encode filename as ANSI.$Failed to get ANSI buffer size.$Out of memory.$WideCharToMultiByte$win32_wcs_to_mbs
                                                                                                                                                                                                                              • API String ID: 1374691127-3831141058
                                                                                                                                                                                                                              • Opcode ID: 70b0f69a5f29bccdbde79e00c8141b456ca76900c87d9a96fa50ccaa8911fad9
                                                                                                                                                                                                                              • Instruction ID: 1e02d4b8b2572cbe69a01b1a892fed694666fc1bfe4374e98ca6aa1d9704d815
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 70b0f69a5f29bccdbde79e00c8141b456ca76900c87d9a96fa50ccaa8911fad9
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CD21AE61E0CB4684FB209B56E85476EA791EF48394F54823BEE6E872D5EF3CE114C700
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092586742.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _errnostrerror$_strdupcalloc
                                                                                                                                                                                                                              • String ID: LOADER: failed to allocate argv_pyi: %s$LOADER: failed to strdup argv[%d]: %s
                                                                                                                                                                                                                              • API String ID: 4278403329-2782260415
                                                                                                                                                                                                                              • Opcode ID: 1d9ac3ccfa277b8f64417ff6ae261a12fd7eef427e7f1ea7b4c48e259a183636
                                                                                                                                                                                                                              • Instruction ID: 988da3331115488e609a45b75c5a7114608f4476b182f52658dd46157a018ff0
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1d9ac3ccfa277b8f64417ff6ae261a12fd7eef427e7f1ea7b4c48e259a183636
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1311AF62E0960395F7249F55E841ABDA790BF44B45F64463ADD3EC7391EE3CA464C300
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: malloc
                                                                                                                                                                                                                              • String ID: mask != NULL$seed != NULL$src/pk/pkcs1/pkcs_1_mgf1.c
                                                                                                                                                                                                                              • API String ID: 2803490479-2931318352
                                                                                                                                                                                                                              • Opcode ID: 89b38fa943132528f07c6caaf7e5e3050e5e2c9f0bbd36ffc81d130a959c7cf9
                                                                                                                                                                                                                              • Instruction ID: 99ff88b78ed93a5240882111bcf7f0c170129438062cf49d5ad44a0a7ce73eff
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 89b38fa943132528f07c6caaf7e5e3050e5e2c9f0bbd36ffc81d130a959c7cf9
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C55114327483C18AEB11CB76A8087BE7F61EB41B88F08C044DE5647B46FB3AD516E790
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092586742.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ByteCharMultiWide$calloc
                                                                                                                                                                                                                              • String ID: %s%s: %s$Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
                                                                                                                                                                                                                              • API String ID: 1374691127-2292745976
                                                                                                                                                                                                                              • Opcode ID: ae36a3af2c446c5ec232e177f4e3447b6ea882bf452ebd8e328b24314d8fb46a
                                                                                                                                                                                                                              • Instruction ID: a06bbc942f7b06f367d388c3c42a3877dee9169ef41c31f784d905c65db84865
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ae36a3af2c446c5ec232e177f4e3447b6ea882bf452ebd8e328b24314d8fb46a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A711A561F0974284FA209B66EC502BD9352AF487A4F588637DE2DC76D1DE7CE124C300
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2095810127.00007FF8A86E1000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FF8A86E0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff8a86e0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Fiber$Switch$CreateDeletememmove
                                                                                                                                                                                                                              • String ID: *$..\s\crypto\async\async.c
                                                                                                                                                                                                                              • API String ID: 81049052-1471988776
                                                                                                                                                                                                                              • Opcode ID: 494a5ead15e9286cf7091b0957f8f1a7f3de55a7eaba4cdd55d047e97a87598e
                                                                                                                                                                                                                              • Instruction ID: 0159488b5fe990154dd534aaf79f9b7e3e26fcd5c9180cf14680fe1051e95c85
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 494a5ead15e9286cf7091b0957f8f1a7f3de55a7eaba4cdd55d047e97a87598e
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 79A15F32A0AB42A6FB24DF26E458279B3A0FB44BC4F444435DA4D47B91EF3CE555C724
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092803364.00007FF8A8511000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8A8510000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff8a8510000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Unicode_$Arg_ArgumentFromReadyStringSubtypeType_
                                                                                                                                                                                                                              • String ID: a unicode character$argument$category
                                                                                                                                                                                                                              • API String ID: 2803103377-2068800536
                                                                                                                                                                                                                              • Opcode ID: 5f462ffedad45deb0981e3602ffe955f9611f4bc9ee03e43466de6ab20229954
                                                                                                                                                                                                                              • Instruction ID: c7e59bef8993eb47b81371cbd37618eadc34c7dd61a604bb7e2334500395faae
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5f462ffedad45deb0981e3602ffe955f9611f4bc9ee03e43466de6ab20229954
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0F51E562F0AA86B2EB549B05DCA027C23A1FF44BD4F045135DE8E87B90DF2CE845C328
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092803364.00007FF8A8511000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8A8510000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff8a8510000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Unicode_$Arg_ArgumentFromReadyStringSubtypeType_
                                                                                                                                                                                                                              • String ID: a unicode character$argument$bidirectional
                                                                                                                                                                                                                              • API String ID: 2803103377-2110215792
                                                                                                                                                                                                                              • Opcode ID: 7fb371fac5a4976876b5a0aa1cb6a1478627d4ac754c8c031e7e31938689ba61
                                                                                                                                                                                                                              • Instruction ID: 55862cc4e73b09f8c3cf155ed03dec47429ec67342a0d3309e87894d9f580304
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7fb371fac5a4976876b5a0aa1cb6a1478627d4ac754c8c031e7e31938689ba61
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 02410261F4AA82A2EB189B15CCA437963A1FF44FD5F445034DE8E836D0DF2DE884C368
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • PyUnicode_FromKindAndData.PYTHON310 ref: 61CC9949
                                                                                                                                                                                                                              • PyErr_SetString.PYTHON310 ref: 61CCA2A9
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • EOF read where object expected, xrefs: 61CCA29C
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: DataErr_FromKindStringUnicode_
                                                                                                                                                                                                                              • String ID: EOF read where object expected
                                                                                                                                                                                                                              • API String ID: 3898585613-3634523442
                                                                                                                                                                                                                              • Opcode ID: 2a4bee291be284b1d0bf09b3e4e8a717c5567653c1dd38e9cef45f84b753e4a6
                                                                                                                                                                                                                              • Instruction ID: 4b0be669fdc08cb22a6ecb13d8ae4541e58c331579156d915b9c1ad1fcbaa473
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2a4bee291be284b1d0bf09b3e4e8a717c5567653c1dd38e9cef45f84b753e4a6
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: EF315732605A91C1EA16CF59D448B9F2766FB85FD4F0AC511CE4D17368FB39D886C382
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092803364.00007FF8A8511000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8A8510000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff8a8510000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: FromStringUnicode_$S_snprintfSizeSubtypeType_memcpy
                                                                                                                                                                                                                              • String ID: $%04X
                                                                                                                                                                                                                              • API String ID: 762632776-4013080060
                                                                                                                                                                                                                              • Opcode ID: 99f4d1507ef4c0457aed7c3cfe67c5ab37577bd27693eb2c59433b0cb40ea54e
                                                                                                                                                                                                                              • Instruction ID: 414be4841e3a7ea0ae4d236bfe0854d643f45357d671034130a87acad990fd12
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 99f4d1507ef4c0457aed7c3cfe67c5ab37577bd27693eb2c59433b0cb40ea54e
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D031C172A09A8161EA21AB14DC543B963A2FF45BE8F881234CEAE076D5CF2CD549C324
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092803364.00007FF8A8511000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8A8510000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff8a8510000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Arg_ArgumentErr_FromLongLong_OccurredReadyUnicode_
                                                                                                                                                                                                                              • String ID: a unicode character$argument$combining
                                                                                                                                                                                                                              • API String ID: 3097524968-4202047184
                                                                                                                                                                                                                              • Opcode ID: 29f396a6d2780ed47fe1516f31ac2bdb0dc14ce637f69e57af0b062eee8e7792
                                                                                                                                                                                                                              • Instruction ID: eefada0647aae04c0d07ba9572d60b0625a1d0a59d2805b02d9b23da3eef0cf4
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 29f396a6d2780ed47fe1516f31ac2bdb0dc14ce637f69e57af0b062eee8e7792
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CE31DF21B0A60662FF946B65DC6137912A2FF58BD4F44A135CE2E873D4DF2CE8858368
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092803364.00007FF8A8511000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8A8510000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff8a8510000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Arg_ArgumentErr_FromLongLong_OccurredReadyUnicode_
                                                                                                                                                                                                                              • String ID: a unicode character$argument$mirrored
                                                                                                                                                                                                                              • API String ID: 3097524968-4001128513
                                                                                                                                                                                                                              • Opcode ID: b02090dbf6a790e07fdcbdc2bdba5f0a3fa41482ead3906e20a0787a734c1b8e
                                                                                                                                                                                                                              • Instruction ID: e1f4bec6acdceb1058abe817b43717c60e64f5b5dbeabebfb0b7011ca8b3c997
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b02090dbf6a790e07fdcbdc2bdba5f0a3fa41482ead3906e20a0787a734c1b8e
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DC31BF60B0A64662FF546B11DCA137922A2FF44BD8F4865B5CE1E473D4DF2CE845C368
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • EOF read where object expected, xrefs: 61CC8D19
                                                                                                                                                                                                                              • marshal data too short, xrefs: 61CC8D6C
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_S_string_to_doubleStringmemcpy
                                                                                                                                                                                                                              • String ID: EOF read where object expected$marshal data too short
                                                                                                                                                                                                                              • API String ID: 1651926552-3827827332
                                                                                                                                                                                                                              • Opcode ID: 0c6bdfb1a16e4f5a45784a79f2cf64e101352d1b8c4c2fbf34421d9f351cc171
                                                                                                                                                                                                                              • Instruction ID: 59f9cff026be96a696ab3e4afdb1ef8535b8ee37864cb9a9fb3025f0fc11b8be
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0c6bdfb1a16e4f5a45784a79f2cf64e101352d1b8c4c2fbf34421d9f351cc171
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 22314F72206A14C0EF15DB69E45079A3371B795FD8F5886218E0D07358EF39C9A5E382
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • _PyObject_CallMethod_SizeT.PYTHON310 ref: 61CC37ED
                                                                                                                                                                                                                              • _PyObject_CallMethod_SizeT.PYTHON310 ref: 61CC37FF
                                                                                                                                                                                                                              • _Py_Dealloc.PYTHON310 ref: 61CC380B
                                                                                                                                                                                                                              • _Py_Dealloc.PYTHON310 ref: 61CC3883
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CallDeallocMethod_Object_Size
                                                                                                                                                                                                                              • String ID: %U.%s$close$read
                                                                                                                                                                                                                              • API String ID: 3129687173-1885073756
                                                                                                                                                                                                                              • Opcode ID: 6636278560cdc5956eb2c2b2f870ce0f3a379f1cd1c949072ec38348d3f421b5
                                                                                                                                                                                                                              • Instruction ID: 703e5c1e0f080086152fe566eeecc5a05de9db1630812e07d7b607cb8083b1db
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6636278560cdc5956eb2c2b2f870ce0f3a379f1cd1c949072ec38348d3f421b5
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5C116576342620E1FA06DB56FC443D923A27B06FD4F4CA5268D0907724EF3EC955C341
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092586742.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff6dff70000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: AddressProc$HandleLibraryLoadModule
                                                                                                                                                                                                                              • String ID: __deregister_frame_info$__register_frame_info$libgcc_s_dw2-1.dll
                                                                                                                                                                                                                              • API String ID: 384173800-1835852900
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: fwrite
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3559309478-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: callocfree
                                                                                                                                                                                                                              • String ID: in != NULL$inlen != 0$public_key_len != NULL$src/pk/asn1/der/sequence/der_decode_subject_public_key_info.c
                                                                                                                                                                                                                              • API String ID: 306872129-3913984646
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • Address %p has no image-section, xrefs: 61D402E9
                                                                                                                                                                                                                              • VirtualQuery failed for %d bytes at address %p, xrefs: 61D402D8
                                                                                                                                                                                                                              • VirtualProtect failed with code 0x%x, xrefs: 61D4028A
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: QueryVirtual
                                                                                                                                                                                                                              • String ID: VirtualProtect failed with code 0x%x$ VirtualQuery failed for %d bytes at address %p$Address %p has no image-section
                                                                                                                                                                                                                              • API String ID: 1804819252-2123141913
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092586742.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff6dff70000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: free
                                                                                                                                                                                                                              • String ID: _image_data$exit$rename ::source ::_source$source$tclInit$tcl_findLibrary
                                                                                                                                                                                                                              • API String ID: 1294909896-1126984729
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2095810127.00007FF8A86E1000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FF8A86E0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff8a86e0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _stricmpstrchrstrncmp
                                                                                                                                                                                                                              • String ID: ..\s\crypto\store\store_lib.c$T$file
                                                                                                                                                                                                                              • API String ID: 3017659097-909561481
                                                                                                                                                                                                                              • Opcode ID: 94695937190c370bd88603ba5bc26eacff36c81e81dd62bae27b8822d5c22d59
                                                                                                                                                                                                                              • Instruction ID: a4610bac923c62ccdf45b1595aa8bf270fece5c9fbeb41cfc65a4723f27db540
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 94695937190c370bd88603ba5bc26eacff36c81e81dd62bae27b8822d5c22d59
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 88416D32B0AA46AAEE11DF12E8445A973A4FF88BC4F444035DE4D07B55EF3CE505CB68
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092803364.00007FF8A8511000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8A8510000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff8a8510000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Arg_$ArgumentCheckPositionalReadyUnicode_
                                                                                                                                                                                                                              • String ID: a unicode character$argument 1$decimal
                                                                                                                                                                                                                              • API String ID: 3545102714-2474051849
                                                                                                                                                                                                                              • Opcode ID: 012e52d84fab340038f5fd1d65e5c1f6b6d5bcf4fe07dedc07daed0958e62186
                                                                                                                                                                                                                              • Instruction ID: 07408b9db59ae43c2d3d38c1a341fa61696cedf5292792903e271e148be57904
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 012e52d84fab340038f5fd1d65e5c1f6b6d5bcf4fe07dedc07daed0958e62186
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AC318E25B0A656A2FB50AB15E88037D6362FF84BC4F949131DE0D47B94DF3DE892C368
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092803364.00007FF8A8511000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8A8510000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff8a8510000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Arg_$ArgumentCheckPositionalReadyUnicode_
                                                                                                                                                                                                                              • String ID: a unicode character$argument 1$name
                                                                                                                                                                                                                              • API String ID: 3545102714-4190364640
                                                                                                                                                                                                                              • Opcode ID: 47084e6ccdc459a5d60dfcf5406ef7f9b64166578da1376eda7b7de69ad12f09
                                                                                                                                                                                                                              • Instruction ID: d62328926d151a8a151b7edb7ac57a86536187a94af4a1d754da9322c9747d45
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 47084e6ccdc459a5d60dfcf5406ef7f9b64166578da1376eda7b7de69ad12f09
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6C318E21B1A646A1EB50AB46D89037923A2FF84BC4F589131DE0D47B95DF3DE896C328
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092803364.00007FF8A8511000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8A8510000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff8a8510000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Arg_$ArgumentCheckPositionalReadyUnicode_
                                                                                                                                                                                                                              • String ID: a unicode character$argument 1$numeric
                                                                                                                                                                                                                              • API String ID: 3545102714-2385192657
                                                                                                                                                                                                                              • Opcode ID: be80234e51299d3dba1d27007bdc3e3ec6a2cb79f5516fc0aff3a1b583224e1a
                                                                                                                                                                                                                              • Instruction ID: 95d2dd09fa3431227d456fb25de7344664e8b5d7b620a75e23faf9307b89ca65
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: be80234e51299d3dba1d27007bdc3e3ec6a2cb79f5516fc0aff3a1b583224e1a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 01317E25B1A646E6FB60AB95DC503792361EB84FC4F948431DE0D47794DF3EE842C3A8
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092586742.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff6dff70000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: wcscat$ByteCharMultiWide_wrmdirwcslen
                                                                                                                                                                                                                              • String ID: _MEIPASS2
                                                                                                                                                                                                                              • API String ID: 3789554339-3944641314
                                                                                                                                                                                                                              • Opcode ID: cac3fac06264cf2f5e23da05bebe8a757f603e3afced9d60fe56963d829627f6
                                                                                                                                                                                                                              • Instruction ID: 3a79807f60ce151809273daf3a539580d4314bc22d292cbdff9c23e7b4075070
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cac3fac06264cf2f5e23da05bebe8a757f603e3afced9d60fe56963d829627f6
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8D21DD51F0854244EA60AA13AC056BE9751BB85FE5FD88933EE2E877C6DE7CE461C304
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • EOF read where object expected, xrefs: 61CC9877
                                                                                                                                                                                                                              • recursion limit exceeded, xrefs: 61CC9EF0
                                                                                                                                                                                                                              • bad marshal data (unknown type code), xrefs: 61CC9EC7
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_String
                                                                                                                                                                                                                              • String ID: EOF read where object expected$bad marshal data (unknown type code)$recursion limit exceeded
                                                                                                                                                                                                                              • API String ID: 1450464846-1585441539
                                                                                                                                                                                                                              • Opcode ID: de466e8691c2841b711b24101c2ffa991241660d26798b20a140f24b12d9d672
                                                                                                                                                                                                                              • Instruction ID: 617e1c40f20c2c93dd7c44c53c1b8285d5333b994cca347de4f28e64ef40b031
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: de466e8691c2841b711b24101c2ffa991241660d26798b20a140f24b12d9d672
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7331A432204A84D1EB118F1DE8847DE77B1FB89B99F458611DE4917374EF39C89AC301
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092586742.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff6dff70000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: strlen
                                                                                                                                                                                                                              • String ID: %U?%llu$Failed to append PYZ entry to sys.path!$Installing PYZ: Could not get sys.path!$path$strict$utf-8
                                                                                                                                                                                                                              • API String ID: 39653677-372213108
                                                                                                                                                                                                                              • Opcode ID: ad6469434e16e444b467f2237217c5c1b6908c5ff4eac4261832d946bacd06fa
                                                                                                                                                                                                                              • Instruction ID: 8e58cf26accd32eb8e2fb2244b0d440959714c56669f2723740acffded19ea13
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ad6469434e16e444b467f2237217c5c1b6908c5ff4eac4261832d946bacd06fa
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3D112C66E09A1691EA109F2AF8540AD6360AF89FD4B844133DD2EC73A0EE3CE525C700
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • bad marshal data (bytes object size out of range), xrefs: 61CCA932
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Bytes_Err_FromOccurredSizeStringmemcpy
                                                                                                                                                                                                                              • String ID: bad marshal data (bytes object size out of range)
                                                                                                                                                                                                                              • API String ID: 2675459810-66224825
                                                                                                                                                                                                                              • Opcode ID: dff7100d27f901b6f3801151527ff4bee7996ec9a93b319a330600d7ccb6ade7
                                                                                                                                                                                                                              • Instruction ID: 32a8ee8a2e76f99a537618dde77a53313870455b16a145b637b65764c125f254
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: dff7100d27f901b6f3801151527ff4bee7996ec9a93b319a330600d7ccb6ade7
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CB11F671646691C2EA14DF56D48CB9F2766B78AFC8F05C514CA0E07728FF39D886C386
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Number_$DeallocErr_InvertNegativePositiveString
                                                                                                                                                                                                                              • String ID: Invalid operator
                                                                                                                                                                                                                              • API String ID: 4031754375-2676212410
                                                                                                                                                                                                                              • Opcode ID: b941b830091611690a514e88646ff26d2903e98a8aaccfee036b41733de4cc1a
                                                                                                                                                                                                                              • Instruction ID: d5549f671c1fd6101b3d545849d467217fe7ac589684bfcc9a50431fecc9b5df
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b941b830091611690a514e88646ff26d2903e98a8aaccfee036b41733de4cc1a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 59F06D30A55A00C1EA544BBDEC8436D7772B78AB89F4C8422DB5986228EF3990B8C342
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _stat64$freemallocmemcpystrlen
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 4289191721-0
                                                                                                                                                                                                                              • Opcode ID: 2e8b4db83b12a41ffbe3facdde420b2ac2544ea1a3acc10374bbb150b9bb6a37
                                                                                                                                                                                                                              • Instruction ID: 64dd7a0734dff31e6108067c1acd4805725a5123beaf2230c0f424fdc2296807
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2e8b4db83b12a41ffbe3facdde420b2ac2544ea1a3acc10374bbb150b9bb6a37
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8D51E366509790C9E7108F62E04436E7BB2E78EBD9F44C012DAD807B59E73EE069CB52
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2093934825.00007FF8A8631000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A8630000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff8a8630000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: X509_get0_pubkeyY_security_bits$X509_get_extension_flagsX509_get_signature_info
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3342971904-0
                                                                                                                                                                                                                              • Opcode ID: 57c433630263e826098e8d087384db3c34246c5951d235796df77858b70895b9
                                                                                                                                                                                                                              • Instruction ID: d594a3c899263e8606cd65be3edb3d0af67d709ca359814add672d255c13cc37
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 57c433630263e826098e8d087384db3c34246c5951d235796df77858b70895b9
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F041D421F0EA8262FAA0AA52B409BB97691FF807D4F046034ED4D47BCADF3CD401872C
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092586742.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff6dff70000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: strlen$_wfopenstrcpystrtok
                                                                                                                                                                                                                              • String ID: %s%c%s$ERROR: file already exists but should not: %s$PYINSTALLER_STRICT_UNPACK_MODE$WARNING: file already exists but should not: %s$\
                                                                                                                                                                                                                              • API String ID: 1482442392-3501660386
                                                                                                                                                                                                                              • Opcode ID: 18c2ca3e78db836f2b3fe8a3d0f4bf4cc57b38fe68348610c0a1eebdd24d09e8
                                                                                                                                                                                                                              • Instruction ID: 66986095362532970fccddaa31adabbbff24812e6ffd96b8422ebce680953f0d
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 18c2ca3e78db836f2b3fe8a3d0f4bf4cc57b38fe68348610c0a1eebdd24d09e8
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CE219461E0C60354F6209F23A9402BEA7919F447D5F648933ED3EC72D5EE6CE535C250
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Dict_Item$Eval_Globals
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 298195719-0
                                                                                                                                                                                                                              • Opcode ID: 9db0bfdc82bb039ba27e762e529bab07152fa7c5a080c6e59e8e8447cb2a1ebe
                                                                                                                                                                                                                              • Instruction ID: 67e9b758069d16cb66af9f01e9e3db2be819ff5a8ee34a710bc67822fb20f2b0
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9db0bfdc82bb039ba27e762e529bab07152fa7c5a080c6e59e8e8447cb2a1ebe
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: EF1151A2F06611C3FD4A97AE7C5438E1152AB88FD4F4DC531CE0986714FE39C8E2C210
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2093934825.00007FF8A8631000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A8630000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff8a8630000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Y_free$X_ctrlX_freeX_new_idY_new
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1769623012-0
                                                                                                                                                                                                                              • Opcode ID: b53d1716d785c333dc753c8b2c9d948b5c220320da8a2cf2c78b6077238e4766
                                                                                                                                                                                                                              • Instruction ID: f2d8a22dbaaf8170fc5a568a2e355d81a436533cb5800ab569c8f142ed05a4ca
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b53d1716d785c333dc753c8b2c9d948b5c220320da8a2cf2c78b6077238e4766
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 83219231A0AA4250FA90AB19A15537E6AA0DF867C4F182034FE9D877D6DF7CE4918728
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092586742.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff6dff70000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: wcscatwcscmp
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3846154227-0
                                                                                                                                                                                                                              • Opcode ID: 974bd8c1c9debbc482e50048efbc0f4631982c5f6d31e8f5a8375c716da2798c
                                                                                                                                                                                                                              • Instruction ID: aa7d4edda39be45c0bbf673dc59b7a66e14ec0891eec208b7a0d38cf84aaa781
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 974bd8c1c9debbc482e50048efbc0f4631982c5f6d31e8f5a8375c716da2798c
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CE116650F4CA4244FA64AB62AC106FD97805F44FCAF688933ED2ED7682EE6CF565C200
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2093934825.00007FF8A8631000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A8630000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff8a8630000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\statem_clnt.c
                                                                                                                                                                                                                              • API String ID: 0-1507966698
                                                                                                                                                                                                                              • Opcode ID: 4a20fbfa3d0e027faae482f5d9e1c92d8031dc91055f4ded3c6d5328e2221402
                                                                                                                                                                                                                              • Instruction ID: 9e7e7ec38e9f8b68264e179c1aed83e90190eea3562d953995f7a5cbb2e1cebd
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4a20fbfa3d0e027faae482f5d9e1c92d8031dc91055f4ded3c6d5328e2221402
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E5B182A1A0E642A5FB609E22D8183BA6794EF84FC8F186031DE8D477C5DF3DE5418768
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • Failed to alloc memory for spp code, xrefs: 61CCFECB
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: AllocVirtualexitmemcpy
                                                                                                                                                                                                                              • String ID: Failed to alloc memory for spp code
                                                                                                                                                                                                                              • API String ID: 693558432-822294455
                                                                                                                                                                                                                              • Opcode ID: 980d77be96267a13e111807d9adfdb519b4df5e23e6beef7f6a54f4d3dcc0297
                                                                                                                                                                                                                              • Instruction ID: 2e5d4c67a655602b0c4cf759806697e50ec1714fa4de9cd705a68a0fb86fb571
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 980d77be96267a13e111807d9adfdb519b4df5e23e6beef7f6a54f4d3dcc0297
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 75517AB2702B44C6EB158F4AE88479C77A5FB48FD4F48812ADE6C07794EB38C861C741
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092586742.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff6dff70000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: fwprintf$fputwc
                                                                                                                                                                                                                              • String ID: %*.*s$%-*.*s$%.*s
                                                                                                                                                                                                                              • API String ID: 2988249585-4054516066
                                                                                                                                                                                                                              • Opcode ID: d6417dfda2078b4447efd06462b0ebb0257d965d566ff2bcbec1a803eaf523e4
                                                                                                                                                                                                                              • Instruction ID: 470a58fe9e66724bbe8e8a8e223da522ea5263e7df3ead5fb2985e6253d07bb7
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d6417dfda2078b4447efd06462b0ebb0257d965d566ff2bcbec1a803eaf523e4
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BE71DCB6B04B8ACAD750CF2AC8815AD77E0F748B9CB118526EE5D87768DF38D550CB40
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2095810127.00007FF8A877D000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FF8A86E0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff8a86e0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: getnameinfohtonsmemset
                                                                                                                                                                                                                              • String ID: $..\s\crypto\bio\b_addr.c
                                                                                                                                                                                                                              • API String ID: 165288700-1606403076
                                                                                                                                                                                                                              • Opcode ID: a54a86e0d0d66bceffd3aa82d26d7bd0329323ae4690f52601e7025a57f027ce
                                                                                                                                                                                                                              • Instruction ID: 90db3aada29804f91ab9b446dd0459eb1e601a67e970a41e261ad59c02e233da
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a54a86e0d0d66bceffd3aa82d26d7bd0329323ae4690f52601e7025a57f027ce
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6A51D431A0A647A6FB209B25E4446BAB3A0FF407C4F448035EBCD47695EF3DE855C728
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092803364.00007FF8A8511000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8A8510000, based on PE: true
• Associated: 00000002.00000002.2092785159.00007FF8A8510000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2092819596.00007FF8A8516000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2092819596.00007FF8A8572000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2092819596.00007FF8A85BE000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2092819596.00007FF8A85C2000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2092819596.00007FF8A861B000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2093881153.00007FF8A861F000.00000004.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2093901496.00007FF8A8621000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff8a8510000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Arg_ArgumentReadyUnicode_
                                                                                                                                                                                                                              • String ID: a unicode character$argument$decomposition
                                                                                                                                                                                                                              • API String ID: 1875788646-2471543666
                                                                                                                                                                                                                              • Opcode ID: 4c53be9b8f552ee43dd90cc3096167e2a1c9df2ddc1314562ec96646c81930ba
                                                                                                                                                                                                                              • Instruction ID: efcff5ba27cf803361ea9088967e89b313a69a8ca1c6851f7a75297969afd4ba
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4c53be9b8f552ee43dd90cc3096167e2a1c9df2ddc1314562ec96646c81930ba
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9121E061B0A60662FB54AB11DCA13792292FF44BE6F456535CF0E473C4DF2CE8458368
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092803364.00007FF8A8511000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8A8510000, based on PE: true
• Associated: 00000002.00000002.2092785159.00007FF8A8510000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2092819596.00007FF8A8516000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2092819596.00007FF8A8572000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2092819596.00007FF8A85BE000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2092819596.00007FF8A85C2000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2092819596.00007FF8A861B000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2093881153.00007FF8A861F000.00000004.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2093901496.00007FF8A8621000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff8a8510000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Arg_ArgumentReadyUnicode_
                                                                                                                                                                                                                              • String ID: a unicode character$argument$east_asian_width
                                                                                                                                                                                                                              • API String ID: 1875788646-3913127203
                                                                                                                                                                                                                              • Opcode ID: fb352311836accbea4a66cd0df6d031baa96ea22bf904cb676007f8a9435163a
                                                                                                                                                                                                                              • Instruction ID: c1bc2983e6a5474f1fad2bcbc4b223fde39c05de947c971d7c54e48fdd3522c0
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: fb352311836accbea4a66cd0df6d031baa96ea22bf904cb676007f8a9435163a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7821BC61B0A64BA2FB64AB15CC613791293FF44BD4F48A435CE4D973C4CF2DE8458368
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092586742.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
• Associated: 00000002.00000002.2092573171.00007FF6DFF70000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2092605870.00007FF6DFF8A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2092620515.00007FF6DFF8B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2092637221.00007FF6DFF95000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2092654562.00007FF6DFF97000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2092654562.00007FF6DFF99000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2092683720.00007FF6DFF9A000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2092701130.00007FF6DFF9D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff6dff70000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: strlen$malloc
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3157260142-0
                                                                                                                                                                                                                              • Opcode ID: 99450ef088cafccd7e2f02e1b56cf9c15352fb26ea6aea84f26f586980f0ae0b
                                                                                                                                                                                                                              • Instruction ID: 0675d6db0c8971358b7866bccb280e4f83368b4bbc989daf64ff1b6dfad210ff
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 99450ef088cafccd7e2f02e1b56cf9c15352fb26ea6aea84f26f586980f0ae0b
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2611A042F1F58718FE6AA95329156BF8FC11F49FD8D084432DD6E8F781ED6CA8618340
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • _Py_Dealloc.PYTHON310 ref: 61CD09A4
                                                                                                                                                                                                                              • PyErr_GivenExceptionMatches.PYTHON310 ref: 61CD09E6
                                                                                                                                                                                                                              • PyTuple_Size.PYTHON310 ref: 61CD0A93
                                                                                                                                                                                                                              • PyErr_SetString.PYTHON310 ref: 61CD0B01
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • catching classes that do not inherit from BaseException is not allowed, xrefs: 61CD0AF5
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
• Associated: 00000002.00000002.2090249567.0000000061CC0000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 00000002.00000002.2090321178.0000000061D42000.00000008.00000001.01000000.0000000F.sdmp
• Associated: 00000002.00000002.2090339482.0000000061D46000.00000004.00000001.01000000.0000000F.sdmp
• Associated: 00000002.00000002.2090355770.0000000061D47000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 00000002.00000002.2090379600.0000000061D5F000.00000004.00000001.01000000.0000000F.sdmp
• Associated: 00000002.00000002.2090396791.0000000061D62000.00000004.00000001.01000000.0000000F.sdmp
• Associated: 00000002.00000002.2090413205.0000000061D64000.00000008.00000001.01000000.0000000F.sdmp
• Associated: 00000002.00000002.2090429418.0000000061D68000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_$DeallocExceptionGivenMatchesSizeStringTuple_
                                                                                                                                                                                                                              • String ID: catching classes that do not inherit from BaseException is not allowed
                                                                                                                                                                                                                              • API String ID: 1667255942-1287988286
                                                                                                                                                                                                                              • Opcode ID: d312035e6fbfccc0f77266528b43cfea2ee77e8fec05cd5d5d6d73507cc8f0b0
                                                                                                                                                                                                                              • Instruction ID: efa1dc356422e046c7968e6bbeebe0d298c25d9ed391ef1e422e980ed2eb067a
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d312035e6fbfccc0f77266528b43cfea2ee77e8fec05cd5d5d6d73507cc8f0b0
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0C213872B05B80C1EA058B6AE44575E37A1A782F98F089125CF4D87714EF39C4A5C342
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092803364.00007FF8A8511000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8A8510000, based on PE: true
• Associated: 00000002.00000002.2092785159.00007FF8A8510000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2092819596.00007FF8A8516000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2092819596.00007FF8A8572000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2092819596.00007FF8A85BE000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2092819596.00007FF8A85C2000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2092819596.00007FF8A861B000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2093881153.00007FF8A861F000.00000004.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2093901496.00007FF8A8621000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff8a8510000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: DoubleErr_Float_FromNumericStringSubtypeType_Unicode_
                                                                                                                                                                                                                              • String ID: not a numeric character
                                                                                                                                                                                                                              • API String ID: 1034370217-2058156748
                                                                                                                                                                                                                              • Opcode ID: a5aed27e65b1845b914b44b9553a30306c9ecc744d4ab8f0d532b9cb7582d048
                                                                                                                                                                                                                              • Instruction ID: a236d78e69f18900cb8dc97f05038ca99985b2f749316afec3251da242d5ecb2
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a5aed27e65b1845b914b44b9553a30306c9ecc744d4ab8f0d532b9cb7582d048
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 60118F21A4E942B1FB66AB25EC58138A3A1EF44BC0F189130CE9E47755DF3CE8858328
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092803364.00007FF8A8511000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8A8510000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff8a8510000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: DecimalDigitErr_FromLongLong_StringSubtypeType_Unicode_
                                                                                                                                                                                                                              • String ID: not a decimal
                                                                                                                                                                                                                              • API String ID: 3750391552-3590249192
                                                                                                                                                                                                                              • Opcode ID: 83868f42624fc03e7ef33afa582ccf117a917432c82265fef522e4270e5ff679
                                                                                                                                                                                                                              • Instruction ID: e04d43efcb9ebefd40b199b0da20b962bb84098a596524b8fb2c4505aeb83966
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 83868f42624fc03e7ef33afa582ccf117a917432c82265fef522e4270e5ff679
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C211C229B0AA42A1FB54AB52EC9413C63A2FF88BD4F085430CE4E47650DF6CE8858328
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092803364.00007FF8A8511000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8A8510000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff8a8510000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_strncmp$DataFormatFromKindStringUnicode_
                                                                                                                                                                                                                              • String ID: name too long$undefined character name '%s'
                                                                                                                                                                                                                              • API String ID: 2291325159-4056717002
                                                                                                                                                                                                                              • Opcode ID: 81effdfe3f462414053b1b5a6252b44d90fbb8fd9dbad0e5fc44ef7eb271089f
                                                                                                                                                                                                                              • Instruction ID: 1d404d79dad2f64fabc04e13bc3105bef80282f5c2d22dbbd01d6863bac9c8c4
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 81effdfe3f462414053b1b5a6252b44d90fbb8fd9dbad0e5fc44ef7eb271089f
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D7111C71E5A947A1EB40AB54DC942B863A0FF48BD9F411031CF4D472A1EF6DE189C728
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092803364.00007FF8A8511000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8A8510000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff8a8510000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Mem_$Capsule_Err_FreeMallocMemory
                                                                                                                                                                                                                              • String ID: unicodedata._ucnhash_CAPI
                                                                                                                                                                                                                              • API String ID: 3673501854-3989975041
                                                                                                                                                                                                                              • Opcode ID: 4aee792f5c66c47e9953fad9dee25fce8d59659e004b9cbed73430be2ab25bbe
                                                                                                                                                                                                                              • Instruction ID: ca2d0d8823f4b0e3d55e76a097b709d771dd71849b6662b4acfc39e5d05c2c4c
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4aee792f5c66c47e9953fad9dee25fce8d59659e004b9cbed73430be2ab25bbe
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B9F01434A2AB82A5EB01AB51EC541B9A2A4FF08BC5F481431CE4E063A4EF2CE444C338
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • local variable referenced before assignment, xrefs: 61CD0F8B
                                                                                                                                                                                                                              • No active exception to reraise, xrefs: 61CD0F6C
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_$Format$Occurred
                                                                                                                                                                                                                              • String ID: No active exception to reraise$local variable referenced before assignment
                                                                                                                                                                                                                              • API String ID: 1084603930-1116140797
                                                                                                                                                                                                                              • Opcode ID: 3c5676555e1ccbe607c6af97c72af0f3cce02b93529c53c71c53942217867f48
                                                                                                                                                                                                                              • Instruction ID: 48fdd7d66ae0d19eb4855888b33e8f6141d532f6d89b6440b47aa9090c34f2ad
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3c5676555e1ccbe607c6af97c72af0f3cce02b93529c53c71c53942217867f48
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 67F0F870B0170591EE059BF9E88439C23A2AB8CB99F598452C90987229EF2EC0B9C380
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2095810127.00007FF8A86E1000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FF8A86E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2097505992.00007FF8A8A04000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2097505992.00007FF8A8A20000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2097505992.00007FF8A8A24000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff8a86e0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: memmovestrncpy
                                                                                                                                                                                                                              • String ID: ..\s\crypto\x509\x509_obj.c$0123456789ABCDEF$NO X509_NAME
                                                                                                                                                                                                                              • API String ID: 3054264757-3422593365
                                                                                                                                                                                                                              • Opcode ID: 5eff037eaf7809de7dcaa94f4735428a5fed0677689cfa2f15099d1506398b4d
                                                                                                                                                                                                                              • Instruction ID: f075969f8cf204bef15e5c10be060c5312af8694c544c4f8e918561326ca299c
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5eff037eaf7809de7dcaa94f4735428a5fed0677689cfa2f15099d1506398b4d
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 83B10122B0E686A7FB208F15944477ABB90FB85BC8F0451B5DE9D47795EF3CE4018728
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: sprintfstrlen
                                                                                                                                                                                                                              • String ID: ../src/platforms/windows/hdinfo.c$/%d:$No any serial number of harddisk got
                                                                                                                                                                                                                              • API String ID: 1090396089-4267867539
                                                                                                                                                                                                                              • Opcode ID: da3c1da5c0e8525cfde91121c83bfcfaaa80724b55f9b6edcbc2cab5bb823525
                                                                                                                                                                                                                              • Instruction ID: 014f1ab4e323cc4482a36d59baa47c7ebf34ec4d477f11de9e80377474f8ac11
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: da3c1da5c0e8525cfde91121c83bfcfaaa80724b55f9b6edcbc2cab5bb823525
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 57315F63F15450C9E7118BB99C703ED6622A786BE5F4CC221CF154BA88F63985C6D381
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • PyFunction_NewWithQualName.PYTHON310 ref: 61CD1D6C
                                                                                                                                                                                                                              • _Py_Dealloc.PYTHON310 ref: 61CD1DF7
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: DeallocFunction_NameQualWith
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2691592392-0
                                                                                                                                                                                                                              • Opcode ID: 1a55e975d29ee81b9b2da0510e07f74fe34e5236762643575ac595d9569f79da
                                                                                                                                                                                                                              • Instruction ID: a1debf71cb34478efb11a343760c81a56cf4479e1e8dbe757e760aa3bbba9877
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1a55e975d29ee81b9b2da0510e07f74fe34e5236762643575ac595d9569f79da
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 99313D32A46A40C6FA1AAFAEA5483AD66B5F746BD4F08C524DF1906B14FF39C0A1C341
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: N != NULL$src/math/rand_prime.c
                                                                                                                                                                                                                              • API String ID: 0-3192267683
                                                                                                                                                                                                                              • Opcode ID: 7052025decee00892cf934be965deca4c5149d92bd0ad269c99f97e788122213
                                                                                                                                                                                                                              • Instruction ID: 28b39cec87859f8e912bdf72db03166b7237278cb15c68be84c53a105c20c50c
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7052025decee00892cf934be965deca4c5149d92bd0ad269c99f97e788122213
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D9313822744685C5E711CF5BA8087AE6B79F786BD8F888125ED0A47B94EF3CC492CB00
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                • Part of subcall function 61CC8C60: memcpy.MSVCRT ref: 61CC8CB9
                                                                                                                                                                                                                                • Part of subcall function 61CC8C60: PyOS_string_to_double.PYTHON310 ref: 61CC8CCB
                                                                                                                                                                                                                              • PyErr_Occurred.PYTHON310 ref: 61CC9CF7
                                                                                                                                                                                                                              • PyErr_Occurred.PYTHON310 ref: 61CC9F9D
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_Occurred$S_string_to_doublememcpy
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 282781714-0
                                                                                                                                                                                                                              • Opcode ID: a79a8f89cde281577151578a56506cb0248cbdb42f4f5b33e10a71c30f821eec
                                                                                                                                                                                                                              • Instruction ID: 2e46e54fec06f29881b11d0b9de94a2590a16d0240e26ecce6a49f1c7c968090
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a79a8f89cde281577151578a56506cb0248cbdb42f4f5b33e10a71c30f821eec
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3D115131A46651CAEA158FA5D45C75F3766BB96FC8F05D201C90A37224FF35DC82C382
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                • Part of subcall function 61CC8810: _PyFloat_Unpack8.PYTHON310 ref: 61CC8841
                                                                                                                                                                                                                              • PyErr_Occurred.PYTHON310 ref: 61CC9E64
                                                                                                                                                                                                                              • PyErr_Occurred.PYTHON310 ref: 61CC9F3D
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_Occurred$Float_Unpack8
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3006406168-0
                                                                                                                                                                                                                              • Opcode ID: a79fc84de640a930197273e5da00a22eee8ce3cf4c63c090c9994fd08baf47ff
                                                                                                                                                                                                                              • Instruction ID: c5d1c756892de9bd193a9fb69795a7da61dfdc2f36cc93905b3f98c2779d9465
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a79fc84de640a930197273e5da00a22eee8ce3cf4c63c090c9994fd08baf47ff
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 02116032A46651C6EA168FA6D05C75F3766BB96FD8F09D201C90A27224FF35DC82C782
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092586742.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff6dff70000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: DialogLongWindow$InvalidateRect
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1200242243-0
                                                                                                                                                                                                                              • Opcode ID: 28415b81cc461644b9bde5041361b6faa17e91a7d6b1d99a581dc0e61d36b3c2
                                                                                                                                                                                                                              • Instruction ID: 758476059aad64da1f9ea33b667355a24cf0f8d91833607470bf6581cebcb866
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 28415b81cc461644b9bde5041361b6faa17e91a7d6b1d99a581dc0e61d36b3c2
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AE01B531F1C46742F7782B2A68441BCA382EF99B51F5584B3DD1EC3B95CD3C68E29A01
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: abortfwrite
                                                                                                                                                                                                                              • String ID: '$illegal index register
                                                                                                                                                                                                                              • API String ID: 1067672060-451399654
                                                                                                                                                                                                                              • Opcode ID: 34c0a7d68c99f4657867cb4da4b6bd9e51cddee9c64334fe5635c42e0776d7cc
                                                                                                                                                                                                                              • Instruction ID: cdff583be676e1dc9e5abdebad16c908837f2d45908dfaafa64aaf6110aa5181
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 34c0a7d68c99f4657867cb4da4b6bd9e51cddee9c64334fe5635c42e0776d7cc
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FF91677761AB86C4EB128F3DE885A4C3F65A399F88B9AC112CA8C47714CB7EC556C310
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2095810127.00007FF8A86E1000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FF8A86E0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff8a86e0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: ..\s\crypto\async\async.c$T
                                                                                                                                                                                                                              • API String ID: 0-2182492907
                                                                                                                                                                                                                              • Opcode ID: 6ec075fdda66d5d55aeeb852daaafe16ebb7e8afc92208851d75e406c330d3e0
                                                                                                                                                                                                                              • Instruction ID: 97b5fe5ef871d754cbaef0fed4e48eeedc5bc795a3adda852c74b1efeb15642e
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6ec075fdda66d5d55aeeb852daaafe16ebb7e8afc92208851d75e406c330d3e0
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F2518E31A0AA43A6FB20DF21D4185B9A761FF44BC4F045035EA4D07B95EF3DE649DB28
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092586742.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff6dff70000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: CCG
                                                                                                                                                                                                                              • API String ID: 0-1584390748
                                                                                                                                                                                                                              • Opcode ID: d250d892eb8f1a517ca8d111c4faaae7f46539765e284bd4c425852093292da5
                                                                                                                                                                                                                              • Instruction ID: e78c2964a53f32d1a9ed32512d217c7ac9fb974b02fb810f8d47eec562e415e2
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d250d892eb8f1a517ca8d111c4faaae7f46539765e284bd4c425852093292da5
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0D412072E18606CAFB208B64C9543BE6361EB44758F114A37CA3DC77E8DE3CE5719641
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • Failed to alloc memory for bcc code, xrefs: 61CCFFE7
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: AllocVirtualfwritememcpy
                                                                                                                                                                                                                              • String ID: Failed to alloc memory for bcc code
                                                                                                                                                                                                                              • API String ID: 1603020442-783995166
                                                                                                                                                                                                                              • Opcode ID: c1d2b6d8259435a2e1127bcb9523e9cf4837a8b5c2099e7085973ed5f713512b
                                                                                                                                                                                                                              • Instruction ID: a7cb90292fa67e4daded98ba1fe623186f73a9f96ad257a8ff56f79de4b78375
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c1d2b6d8259435a2e1127bcb9523e9cf4837a8b5c2099e7085973ed5f713512b
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2C216BB2702B548ADB548F5AE84076D7BA4F70DFD9F488526DE4D43754EA38C4A2C390
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • bad marshal data (string size out of range), xrefs: 61CCA01F
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_$OccurredString
                                                                                                                                                                                                                              • String ID: bad marshal data (string size out of range)
                                                                                                                                                                                                                              • API String ID: 114435612-3115314950
                                                                                                                                                                                                                              • Opcode ID: cf5d26cb646b6e0b08b9da1f91e8f295e36aedc3bee6580d0cdf0c8c023d297b
                                                                                                                                                                                                                              • Instruction ID: 1e9e0599e04dfd1e3b658787b4d7903d4d35268b1e8a496c898c4af0deabf1ea
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cf5d26cb646b6e0b08b9da1f91e8f295e36aedc3bee6580d0cdf0c8c023d297b
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2A11A332702691C5EA128F59E44479F63A1AB88FD9F09C120CE4D17764FF39D8C6D381
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_Formatexit
                                                                                                                                                                                                                              • String ID: %s (%d:%d)$\(
                                                                                                                                                                                                                              • API String ID: 2212715685-1109738240
                                                                                                                                                                                                                              • Opcode ID: 0c252aa529eea7cdea6bf8b75a94a0a15d0c63d3396d4c66fa634e14f8c3ef93
                                                                                                                                                                                                                              • Instruction ID: 39126b99e556cd882893762b3ee76960c26a8e39c0d8944688790d3b2c7e4532
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0c252aa529eea7cdea6bf8b75a94a0a15d0c63d3396d4c66fa634e14f8c3ef93
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AC11A072352A84C4FB41CB65E89039D3761F785B94F49A412DD1E0B794DF3CC542C741
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                • Part of subcall function 00007FF6DFF78EF0: MultiByteToWideChar.KERNEL32(?,?,WideCharToMultiByte,?,Failed to get UTF-8 buffer size.,?,00007FF6DFF72F00), ref: 00007FF6DFF78F26
                                                                                                                                                                                                                              • MessageBoxW.USER32 ref: 00007FF6DFF72D53
                                                                                                                                                                                                                              • MessageBoxA.USER32 ref: 00007FF6DFF72D7B
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092586742.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff6dff70000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                                                              • String ID: Failed to get UTF-8 buffer size.$WideCharToMultiByte
                                                                                                                                                                                                                              • API String ID: 1878133881-785100509
                                                                                                                                                                                                                              • Opcode ID: 7f5320ca9c022b5a5880cc99aba030728f2a4c067df74a4bd38cf457f7fd81ef
                                                                                                                                                                                                                              • Instruction ID: b926aa467ec84e4f2eb51ee7f183d300fb0ec4147c6839f7f52eaf8f8861ed6f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7f5320ca9c022b5a5880cc99aba030728f2a4c067df74a4bd38cf457f7fd81ef
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2501D23270878040EB301B26A8057EEA281A748BD5F488436CE4D57B85DE3CD596CB40
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_$String$Occurred
                                                                                                                                                                                                                              • String ID: bad marshal data (invalid reference)
                                                                                                                                                                                                                              • API String ID: 1118661901-2759865940
                                                                                                                                                                                                                              • Opcode ID: 1320ded661b5327d561ca89795eac828451a0e9d12c6fb8b0c1db9cb0f167219
                                                                                                                                                                                                                              • Instruction ID: 48ab1ab3f1988d9c3c870d33bbe2afdcbf43f48ebcc3fecf7fad068c43c0b578
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1320ded661b5327d561ca89795eac828451a0e9d12c6fb8b0c1db9cb0f167219
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BB111B71600A41D2EA04CF6AD48875F3772F789FD8F05D601CA0917324EF36C899C382
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2095810127.00007FF8A86E1000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FF8A86E0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff8a86e0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ErrorLastsocket
                                                                                                                                                                                                                              • String ID: ..\s\crypto\bio\b_sock2.c$2
                                                                                                                                                                                                                              • API String ID: 1120909799-2051290508
                                                                                                                                                                                                                              • Opcode ID: e8a12f5860b331eeb5ce7d2c174626199a70c7f9dd546f5556fd5a57dc2f225c
                                                                                                                                                                                                                              • Instruction ID: bbb113bcb9d390ee96baef077aeb74423e51fa49f228ac84f97b08488b6e2ca4
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e8a12f5860b331eeb5ce7d2c174626199a70c7f9dd546f5556fd5a57dc2f225c
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D801D231E09542A7F7209B21E4041ADA264FF447D4F604639E7AC47AE5EF3DE901CB68
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092586742.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff6dff70000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ByteCharFileModuleMultiNameWide
                                                                                                                                                                                                                              • String ID: Failed to convert executable path to UTF-8.$Failed to get executable path.$GetModuleFileNameW
                                                                                                                                                                                                                              • API String ID: 1532159127-1977442011
                                                                                                                                                                                                                              • Opcode ID: 32aec0e32114a87591ef6c700c884524eb8b134af1a94f75ba6e9a037605cee3
                                                                                                                                                                                                                              • Instruction ID: f583215f5a875d78b95783f26efdf387e37190ee78a53fc549733cbb6ba6bcb9
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 32aec0e32114a87591ef6c700c884524eb8b134af1a94f75ba6e9a037605cee3
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3FF049A2F1C50381FA616B22AC453BD83519F497C4F444437EC2EC76AAEE1CEA6A9710
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • ../src/platforms/windows/hdinfo.c, xrefs: 61CD2330
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ErrorFormatFreeLastLocalMessage
                                                                                                                                                                                                                              • String ID: ../src/platforms/windows/hdinfo.c
                                                                                                                                                                                                                              • API String ID: 1365068426-2451707101
                                                                                                                                                                                                                              • Opcode ID: 1f1a645403c6812d9335ff6b9acb0e956dbee2b1c85c3c722e2227f5a9c025bb
                                                                                                                                                                                                                              • Instruction ID: 1a7db6b2fbf6c304026f98ba7d31e9012e9d651de69dd5a5a8494e7446dfba3a
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1f1a645403c6812d9335ff6b9acb0e956dbee2b1c85c3c722e2227f5a9c025bb
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8BF03931314A41D2E7109B51E89438E7B72F7C9B89F544129DA8E43B68EF3EC15ACB80
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092586742.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff6dff70000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: strlen$strcpystrtok
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3698421117-0
                                                                                                                                                                                                                              • Opcode ID: f2f6744582b3b3a9e2a042d8d2a6c592d89531f91eeef15a632d85d9a8bc4e89
                                                                                                                                                                                                                              • Instruction ID: b8475b2591d12c133d246253e671aff8f744a5e5112a542897883eb47202bfdb
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f2f6744582b3b3a9e2a042d8d2a6c592d89531f91eeef15a632d85d9a8bc4e89
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BD21AE61F0960341FA21A616A8153FE97819F45FE5F884533ED2EDB782EE2CE565C240
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092803364.00007FF8A8511000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8A8510000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff8a8510000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: strncmp
                                                                                                                                                                                                                              • String ID: CJK UNIFIED IDEOGRAPH-$HANGUL SYLLABLE
                                                                                                                                                                                                                              • API String ID: 1114863663-87138338
                                                                                                                                                                                                                              • Opcode ID: b4ef4179bf0a52eb89c3ccaad0542fa4ed29e9dc5726da8d4cf56c5f82179dfe
                                                                                                                                                                                                                              • Instruction ID: a89e7af3b5c1bc02b79ca51fa328e2256ddae8453f5300478c32177c6067e351
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b4ef4179bf0a52eb89c3ccaad0542fa4ed29e9dc5726da8d4cf56c5f82179dfe
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 23612732B1924256E664EF2AEC006BAB6A2FF80BD0F048235EE5D876D9DF3CD505C714
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2095810127.00007FF8A877D000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FF8A86E0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff8a86e0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: strncmp
                                                                                                                                                                                                                              • String ID: content-type
                                                                                                                                                                                                                              • API String ID: 1114863663-3266185539
                                                                                                                                                                                                                              • Opcode ID: 44acbf2d3993856e814bab54a766b8caadb646d7408b06c8891a0bf5bc442f4a
                                                                                                                                                                                                                              • Instruction ID: eb333e9ddec305639529c7fec2fd5a1cabb00c022051af67ab72c7b76bd25a60
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 44acbf2d3993856e814bab54a766b8caadb646d7408b06c8891a0bf5bc442f4a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 92510722B4FD4362FAA09726994477A6291FF84BE4F442230ED5D877D5FF2CE5028328
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Sleep_amsg_exit
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1015461914-0
                                                                                                                                                                                                                              • Opcode ID: 7f94c08730947c6228815dd6f54ce1d050e9b755ec42fe89865a1b7dfa980df4
                                                                                                                                                                                                                              • Instruction ID: c1247ba77791f1ee44de29fcab81c3cea77f09e0862a56a9246b7620ada8c026
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7f94c08730947c6228815dd6f54ce1d050e9b755ec42fe89865a1b7dfa980df4
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E1414936702654C9F7028F9FE85079A22B2B785BD5F488026CE1C87364FE3AD892C351
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • src/pk/asn1/der/sequence/der_decode_sequence_multi.c, xrefs: 61CE23C2
                                                                                                                                                                                                                              • in != NULL, xrefs: 61CE23C9
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: in != NULL$src/pk/asn1/der/sequence/der_decode_sequence_multi.c
                                                                                                                                                                                                                              • API String ID: 0-85593093
                                                                                                                                                                                                                              • Opcode ID: beb4f0c5486d8670ba3867b5f431a88ebb227414fc786106acc8942ea4ba706f
                                                                                                                                                                                                                              • Instruction ID: bae18420532fec27d8aa8b808620b24d9f3776b00d7648f62387532da45c066b
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: beb4f0c5486d8670ba3867b5f431a88ebb227414fc786106acc8942ea4ba706f
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: EF310432715682CAEB19CF6AE828B5D7629F785B98F488028DE0D47B44EB39C451CB40
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092586742.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff6dff70000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: free$ByteCharMultiWide
                                                                                                                                                                                                                              • String ID: Failed to obtain/convert traceback!
                                                                                                                                                                                                                              • API String ID: 3219091393-982972847
                                                                                                                                                                                                                              • Opcode ID: 3a3a8189034183b527b6a3895ff72474e2746a44688793101d2d2c3c010006a0
                                                                                                                                                                                                                              • Instruction ID: fc935b794c4ecc42dae60d055cef241e0147faffa363122169aa5537e3775994
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3a3a8189034183b527b6a3895ff72474e2746a44688793101d2d2c3c010006a0
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4B018441F1E29205FD6965BB09226BE83424F44FD0E5C8436ED1ECBF83ED2DE4218740
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                • Part of subcall function 61CC8C60: memcpy.MSVCRT ref: 61CC8CB9
                                                                                                                                                                                                                                • Part of subcall function 61CC8C60: PyOS_string_to_double.PYTHON310 ref: 61CC8CCB
                                                                                                                                                                                                                              • PyErr_Occurred.PYTHON310 ref: 61CC9DA3
                                                                                                                                                                                                                              • PyFloat_FromDouble.PYTHON310 ref: 61CC9FC4
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: DoubleErr_Float_FromOccurredS_string_to_doublememcpy
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1362591179-0
                                                                                                                                                                                                                              • Opcode ID: c1c8444b6a1520ac21c139258275c8a804ef87c5cecd8c1be0ff29fad0a9fc91
                                                                                                                                                                                                                              • Instruction ID: a3825be74796af07731b3413b7d5668cb8a4811fbf3d322576535fcef77d58b8
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c1c8444b6a1520ac21c139258275c8a804ef87c5cecd8c1be0ff29fad0a9fc91
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7A015A31B46601C6EA148F66C09CB1F376ABB86FC8F0AD610C90527224FB34E886C7C6
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                • Part of subcall function 61CC8810: _PyFloat_Unpack8.PYTHON310 ref: 61CC8841
                                                                                                                                                                                                                              • PyErr_Occurred.PYTHON310 ref: 61CC9CA1
                                                                                                                                                                                                                              • PyFloat_FromDouble.PYTHON310 ref: 61CC9F64
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Float_$DoubleErr_FromOccurredUnpack8
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 4123378784-0
                                                                                                                                                                                                                              • Opcode ID: 91d52e6d8d877fac242e5bdaa127e5b52f9ed644aa2e048632791fd9bfac9342
                                                                                                                                                                                                                              • Instruction ID: 9d5823a2952c995aa682bd6127ad3b9117c7bf783532fbc9838c87d9eac0c0f2
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 91d52e6d8d877fac242e5bdaa127e5b52f9ed644aa2e048632791fd9bfac9342
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B3017C31B42601C6EA058F66C49CB5F376AFB86FC8F1AD604C90527224FB35EC96C786
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2095810127.00007FF8A86E1000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FF8A86E0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff8a86e0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: memmovememset
                                                                                                                                                                                                                              • String ID: $$..\s\crypto\rsa\rsa_none.c
                                                                                                                                                                                                                              • API String ID: 1288253900-779172340
                                                                                                                                                                                                                              • Opcode ID: d21027dcd5a9b13bbe407246f7de02450a785e8ee2f8b223aa31a7e0c223aae4
                                                                                                                                                                                                                              • Instruction ID: ad0915487c01003f60eaa6bdb2c5e36ae466b77371e4e4fb198f1e5ad18efcc4
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d21027dcd5a9b13bbe407246f7de02450a785e8ee2f8b223aa31a7e0c223aae4
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A401B131B196469AEA10EF26A98816DA361FF847D0F188230FB5C47B96DF3CE5018B08
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_FromLongLong_Occurred
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 4098471257-0
                                                                                                                                                                                                                              • Opcode ID: 02c02cb3908a6d2b22e12145e244b6671a3388e6bac1f093a3c7b303e63e56ae
                                                                                                                                                                                                                              • Instruction ID: f735ef038e4ae872e23670de3f82a1bf7d31cea9617e27448f46489db2e3c8f3
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 02c02cb3908a6d2b22e12145e244b6671a3388e6bac1f093a3c7b303e63e56ae
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D7012431B42610C3EA088F66C09CB1F2766FB86FC4F0AD114C9061B220FA39DC42C786
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2095810127.00007FF8A86E1000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FF8A86E0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff8a86e0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: ..\s\crypto\engine\eng_ctrl.c$b
                                                                                                                                                                                                                              • API String ID: 0-1836817417
                                                                                                                                                                                                                              • Opcode ID: fb2526c301eb0d32c8b40b06f32727c144aa8e6317cdfcefd3ba865dcecceeb2
                                                                                                                                                                                                                              • Instruction ID: 8182df9fef3b4ada42b6bd7059b5751ada83f6d06429fab5e1256177670b7490
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: fb2526c301eb0d32c8b40b06f32727c144aa8e6317cdfcefd3ba865dcecceeb2
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C2E1BF32F0A642A3FAA48B51D4047BB26A1FF807C4F544176DA8E47B91DF3CE945DB28
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2093934825.00007FF8A8631000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A8630000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff8a8630000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: L_sk_numL_sk_value
                                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\extensions_srvr.c
                                                                                                                                                                                                                              • API String ID: 557030205-1853348325
                                                                                                                                                                                                                              • Opcode ID: 0228143f2057f377d24a061c11b1217ac11cf72effd14e50a6742f7b32cb5b3d
                                                                                                                                                                                                                              • Instruction ID: 04cb6964ab3d5d43aea5f15a2348fef420bd9ba995dcb2d1741de674027616ba
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0228143f2057f377d24a061c11b1217ac11cf72effd14e50a6742f7b32cb5b3d
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9451EEB2A0AB9199F7608B11E44C36A77A9FB847C4F559176EE8C07784EF3CE041CB58
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2095810127.00007FF8A86E1000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FF8A86E0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff8a86e0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _time64
                                                                                                                                                                                                                              • String ID: %02d%02d%02d%02d%02d%02dZ$%04d%02d%02d%02d%02d%02dZ
                                                                                                                                                                                                                              • API String ID: 1670930206-2648760357
                                                                                                                                                                                                                              • Opcode ID: 88c7a490ab53611d14af1a5616270064923f39c73e072f610315bbf64f80b1dd
                                                                                                                                                                                                                              • Instruction ID: 23f102c6703b319b5cf6dff91bdc393490c08f11590ff2cdfbf267a9c2b60339
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 88c7a490ab53611d14af1a5616270064923f39c73e072f610315bbf64f80b1dd
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3C515332A1D7819BE760DF29F44026AF7A0FB88780F444135EA8D87B59EF3CE4818B14
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2095810127.00007FF8A86E1000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FF8A86E0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff8a86e0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: getaddrinfo
                                                                                                                                                                                                                              • String ID: ..\s\crypto\bio\b_addr.c
                                                                                                                                                                                                                              • API String ID: 300660673-2547254400
                                                                                                                                                                                                                              • Opcode ID: b79d4223b6bbc2254cee69598f955535b60997deb526dee558906d47e9ce2c0d
                                                                                                                                                                                                                              • Instruction ID: e49c7003c4bc8cf68960a1bb0dbff5ec7be04fb23e5219d020b79933a1cc1402
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b79d4223b6bbc2254cee69598f955535b60997deb526dee558906d47e9ce2c0d
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1241C772A1968297F7609F22A444ABAB350FB847C4F504139FB8947B85EF3CD845CB58
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092586742.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff6dff70000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: fprintf
                                                                                                                                                                                                                              • String ID: Unknown error$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                                                                                                                                              • API String ID: 383729395-3474627141
                                                                                                                                                                                                                              • Opcode ID: 23188349e83ee451bd10b25c6aa65908cd8bb1407ab069ba85c36fe8cde94703
                                                                                                                                                                                                                              • Instruction ID: ea7d7fa1beba4fb9b81b13a6b6b7af66ed2faf8db1383a30a18d23fb41ca7994
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 23188349e83ee451bd10b25c6aa65908cd8bb1407ab069ba85c36fe8cde94703
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 38215B66A04F849AEB118F69D8413EE7371FF59798F444622EE8C57724EF38D259C300
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_Format
                                                                                                                                                                                                                              • String ID: %s (%d:%d)
                                                                                                                                                                                                                              • API String ID: 376477240-1595188566
                                                                                                                                                                                                                              • Opcode ID: 960d9e82832d80b5d251f78757c6aac51f3874074bb90b2dd8c425cb276a6d53
                                                                                                                                                                                                                              • Instruction ID: 8a989ee0f3e15c76c927350f18d15c2fb209ccf0fc94d46deaad71a0c4290455
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 960d9e82832d80b5d251f78757c6aac51f3874074bb90b2dd8c425cb276a6d53
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4B01F273B00654C9EB0097A9D8807CE37A1EBCAF84F8E8022CD5D173A1DF29C882D381
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092586742.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff6dff70000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Message_errno
                                                                                                                                                                                                                              • String ID: %s%s: %s$Fatal error detected
                                                                                                                                                                                                                              • API String ID: 1796756983-2410924014
                                                                                                                                                                                                                              • Opcode ID: d1cbbd953ca21beeb29a1fcc411e82e708ae5de07ba7f1a82297aa0e77065503
                                                                                                                                                                                                                              • Instruction ID: 3528331e711ed51f9038acbe8c82439837edfb55d7efaa6888778f9b2227a186
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d1cbbd953ca21beeb29a1fcc411e82e708ae5de07ba7f1a82297aa0e77065503
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 07016262A1C681D1F2209B22F8407EE6764FB94BD4F904232DF9C53B99CE3CD666CB44
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092586742.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff6dff70000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: fprintf
                                                                                                                                                                                                                              • String ID: Argument domain error (DOMAIN)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                                                                                                                                              • API String ID: 383729395-2713391170
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092586742.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff6dff70000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: fprintf
                                                                                                                                                                                                                              • String ID: Argument singularity (SIGN)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                                                                                                                                              • API String ID: 383729395-2468659920
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092586742.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff6dff70000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: fprintf
                                                                                                                                                                                                                              • String ID: Overflow range error (OVERFLOW)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                                                                                                                                              • API String ID: 383729395-4064033741
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092586742.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff6dff70000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: fprintf
                                                                                                                                                                                                                              • String ID: Partial loss of significance (PLOSS)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                                                                                                                                              • API String ID: 383729395-4283191376
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092586742.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff6dff70000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: fprintf
                                                                                                                                                                                                                              • String ID: Total loss of significance (TLOSS)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                                                                                                                                              • API String ID: 383729395-4273532761
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092586742.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff6dff70000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: fprintf
                                                                                                                                                                                                                              • String ID: The result is too small to be represented (UNDERFLOW)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092803364.00007FF8A8511000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8A8510000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff8a8510000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: String$Err_FromUnicode_
                                                                                                                                                                                                                              • String ID: no such name
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • LTC_ARGCHK '%s' failure on line %d of file %s, xrefs: 61CDD836
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: __iob_funcabort
                                                                                                                                                                                                                              • String ID: LTC_ARGCHK '%s' failure on line %d of file %s
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2095810127.00007FF8A86E1000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FF8A86E0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff8a86e0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ErrorLastioctlsocket
                                                                                                                                                                                                                              • String ID: ..\s\crypto\bio\b_sock.c
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • _PyObject_GC_New.PYTHON310(?,?,00000000,00007FF8A8512563), ref: 00007FF8A8512656
                                                                                                                                                                                                                              • PyObject_GC_Track.PYTHON310(?,?,00000000,00007FF8A8512563), ref: 00007FF8A8512688
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092803364.00007FF8A8511000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8A8510000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff8a8510000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Object_$Track
                                                                                                                                                                                                                              • String ID: 3.2.0
                                                                                                                                                                                                                              • API String ID: 16854473-1786766648
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2090267806.0000000061CC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_61cc0000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CriticalSection$EnterLeavefree
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 4020351045-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092586742.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff6dff70000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: free
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1294909896-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2092586742.00007FF6DFF71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DFF70000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff6dff70000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: free
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1294909896-0